< draft-birk-pep-trustwords-02.txt   draft-birk-pep-trustwords-03.txt >
Network Working Group V. Birk Network Working Group V. Birk
Internet-Draft H. Marques Internet-Draft H. Marques
Intended status: Standards Track pEp Foundation Intended status: Standards Track pEp Foundation
Expires: December 28, 2018 B. Hoeneisen Expires: September 12, 2019 B. Hoeneisen
Ucom.ch Ucom.ch
June 26, 2018 March 11, 2019
IANA Registration of Trustword Lists: Guide, Template and IANA IANA Registration of Trustword Lists: Guide, Template and IANA
Considerations Considerations
draft-birk-pep-trustwords-02 draft-birk-pep-trustwords-03
Abstract Abstract
This document specifies the IANA Registration Guidelines for This document specifies the IANA Registration Guidelines for
Trustwords, describes corresponding registration procedures, and Trustwords, describes corresponding registration procedures, and
provides a guideline for creating Trustword list specifications. provides a guideline for creating Trustword list specifications.
Trustwords are common words in a natural language (e.g., English) to Trustwords are common words in a natural language (e.g., English) to
which the hexadecimal strings are mapped to. This makes verification which the hexadecimal strings are mapped to. This makes verification
processes (e.g., comparison of fingerprints), more practical and less processes (e.g., comparison of fingerprints), more practical and less
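Review bot: The Abstract sentence "Trustwords are common words in a natural language (e.g., English) to which the hexadecimal strings are mapped to" still carries a duplicated "to" in both -02 and -03, and the following sentence has a stray comma after "(e.g., comparison of fingerprints)". The visible changes in this block are limited to the dates and the draft name, so both could be fixed in the next revision, for example "to which the hexadecimal strings are mapped".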
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 28, 2018. This Internet-Draft will expire on September 12, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 39 skipping to change at page 2, line 39
4.2.6. Registration Document(s) (<registrationdocs>) . . . . 8 4.2.6. Registration Document(s) (<registrationdocs>) . . . . 8
4.2.7. Requesters (<requesters>) . . . . . . . . . . . . . . 8 4.2.7. Requesters (<requesters>) . . . . . . . . . . . . . . 8
4.2.8. Further Information (<additionalinfo>) . . . . . . . 9 4.2.8. Further Information (<additionalinfo>) . . . . . . . 9
4.2.9. Wordlist (<wordlist>) . . . . . . . . . . . . . . . . 9 4.2.9. Wordlist (<wordlist>) . . . . . . . . . . . . . . . . 9
5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
7.1. Normative References . . . . . . . . . . . . . . . . . . 10 7.1. Normative References . . . . . . . . . . . . . . . . . . 10
7.2. Informative References . . . . . . . . . . . . . . . . . 10 7.2. Informative References . . . . . . . . . . . . . . . . . 10
Appendix A. IANA XML Template Example . . . . . . . . . . . . . 12 Appendix A. IANA XML Template Example . . . . . . . . . . . . . 12
Appendix B. Document Changelog . . . . . . . . . . . . . . . . . 13 Appendix B. Document Changelog . . . . . . . . . . . . . . . . . 12
Appendix C. Open Issues . . . . . . . . . . . . . . . . . . . . 13 Appendix C. Open Issues . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
In public-key cryptography comparing the public keys' fingerprints of In public-key cryptography comparing the public keys' fingerprints of
the communication partners involved is vital to ensure that there is the communication partners involved is vital to ensure that there is
no man-in-the-middle (MITM) attack on the communication channel. no man-in-the-middle (MITM) attack on the communication channel.
Fingerprints normally consist of a chain of hexadecimal chars. Fingerprints normally consist of a chain of hexadecimal chars.
However, comparing hexadecimal strings is often impractical for However, comparing hexadecimal strings is often impractical for
skipping to change at page 3, line 35 skipping to change at page 3, line 35
contact verification in Extensible Messaging and Presence Protocol contact verification in Extensible Messaging and Presence Protocol
(XMPP) [RFC6120], for X.509 [RFC3647] certificate verification in (XMPP) [RFC6120], for X.509 [RFC3647] certificate verification in
browsers or in block chain applications for crypto currencies. browsers or in block chain applications for crypto currencies.
2. Terms 2. Terms
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
o Handshake: The process when Alice - e.g. in-person or via phone - o pEp Handshake: The process when Alice - e.g., in-person or via
contacts Bob to verify Trustwords (or by fallback: fingerprints) phone - contacts Bob to verify Trustwords (or by fallback:
is called handshake. [E-D.birk-pep-handshake] fingerprints) is called pEp Handshake.
[I-D.marques-pep-handshake]
o Man-in-the-middle attack (MITM): cf. [RFC4949] o Man-in-the-middle attack (MITM): cf. [RFC4949]
3. The Concept of Trustword Mapping 3. The Concept of Trustword Mapping
3.1. Example 3.1. Example
A fingerprint typically looks like: A fingerprint typically looks like:
F482 E952 2F48 618B 01BC 31DC 5428 D7FA ACDC 3F13 F482 E952 2F48 618B 01BC 31DC 5428 D7FA ACDC 3F13
skipping to change at page 10, line 40 skipping to change at page 10, line 40
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>. <https://www.rfc-editor.org/info/rfc4949>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
7.2. Informative References 7.2. Informative References
[E-D.birk-pep-handshake]
Marques, H., "pretty Easy privacy (pEp): Contact
Authentication through Handshake", June 2018,
<https://pep.foundation/dev/repos/internet-
drafts/file/tip/pep-handshake/
draft-marques-pep-handshake-00.txt>.
Early draft
[E-D.birk-pep-keysync] [E-D.birk-pep-keysync]
Birk, V. and H. Marques, "pretty Easy privacy (pEp): Key Birk, V. and H. Marques, "pretty Easy privacy (pEp): Key
Synchronization Protocol", June 2018, Synchronization Protocol", June 2018,
<https://pep.foundation/dev/repos/internet- <https://pep.foundation/dev/repos/internet-
drafts/file/tip/pep-keysync/ drafts/file/tip/pep-keysync/
draft-birk-pep-keysync-NN.txt>. draft-birk-pep-keysync-NN.txt>.
Early draft Early draft
[I-D.birk-pep] [I-D.birk-pep]
Birk, V., Marques, H., Shelburn, S., and S. Koechli, Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
"pretty Easy privacy (pEp): Privacy by Default", draft- Privacy by Default", draft-birk-pep-03 (work in progress),
birk-pep-01 (work in progress), January 2018. March 2019.
[I-D.marques-pep-handshake]
Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
Contact and Channel Authentication through Handshake",
draft-marques-pep-handshake-01 (work in progress), October
2018.
[ISO693] "Language codes - ISO 639", n.d., [ISO693] "Language codes - ISO 639", n.d.,
<https://www.iso.org/iso-639-language-codes.html>. <https://www.iso.org/iso-639-language-codes.html>.
[ISOC.bnet] [ISOC.bnet]
Simao, I., "Beyond the Net. 12 Innovative Projects Simao, I., "Beyond the Net. 12 Innovative Projects
Selected for Beyond the Net Funding. Implementing Privacy Selected for Beyond the Net Funding. Implementing Privacy
via Mass Encryption: Standardizing pretty Easy privacy's via Mass Encryption: Standardizing pretty Easy privacy's
protocols", June 2017, <https://www.internetsociety.org/ protocols", June 2017, <https://www.internetsociety.org/
blog/2017/06/12-innovative-projects-selected-for-beyond- blog/2017/06/12-innovative-projects-selected-for-beyond-
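Review bot: In the [I-D.birk-pep] entry the author list changes from "Birk, V., Marques, H., Shelburn, S., and S. Koechli" to "Marques, H. and B. Hoeneisen", which drops the author the draft is named after and is identical to the author list of the newly added [I-D.marques-pep-handshake] entry; please check it against the front page of draft-birk-pep-03. Separately, [E-D.birk-pep-keysync] keeps the "E-D." label, the "Early draft" annotation and the placeholder file name draft-birk-pep-keysync-NN.txt, while the handshake reference was converted to a regular I-D entry. The label [ISO693] also does not match the "ISO 639" it cites.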
skipping to change at page 14, line 26 skipping to change at page 14, line 19
number number
o Decide whether in non-bijective Wordlists the redundant words need o Decide whether in non-bijective Wordlists the redundant words need
to be repeated in the IANA Registration to be repeated in the IANA Registration
o Register only a hash over the wordlist with IANA? o Register only a hash over the wordlist with IANA?
o Does it make sense to open registrations for other patterns than o Does it make sense to open registrations for other patterns than
just words, e.g., images? just words, e.g., images?
o Create terms section by file inclusion - cf. other drafts
Authors' Addresses Authors' Addresses
Volker Birk Volker Birk
pEp Foundation pEp Foundation
Oberer Graben 4 Oberer Graben 4
CH-8400 Winterthur CH-8400 Winterthur
Switzerland Switzerland
Email: volker.birk@pep.foundation Email: volker.birk@pep.foundation
URI: https://pep.foundation/ URI: https://pep.foundation/
 End of changes. 10 change blocks. 
21 lines changed or deleted 21 lines changed or added
