Re: [Acme] Proposed ACME Charter Language

Joseph Lorenzo Hall <joe@cdt.org> Fri, 15 May 2015 16:20 UTC

Return-Path: <jhall@cdt.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55C201A1B2E for <acme@ietfa.amsl.com>; Fri, 15 May 2015 09:20:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.199
X-Spam-Level:
X-Spam-Status: No, score=-1.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tw5jrvWE3QLp for <acme@ietfa.amsl.com>; Fri, 15 May 2015 09:20:18 -0700 (PDT)
Received: from mail-la0-f47.google.com (mail-la0-f47.google.com [209.85.215.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9186C1A1B40 for <acme@ietf.org>; Fri, 15 May 2015 09:20:18 -0700 (PDT)
Received: by labbd9 with SMTP id bd9so127288047lab.2 for <acme@ietf.org>; Fri, 15 May 2015 09:20:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=0n71WLX7H8eLpi4zMjPCGV5iENdq0OXOyhdp8s9+M4g=; b=YHquptL/uawPC3vFuWkZ/A7AWYiLOKPzu1glwKGuRIFGopZT+pL2aU/e1gZ01LqW9B YAbaMYuh4YnxPHLPW8TdJ3OWzj0oDcTUI0E3iJwWBsB/UnHgjQBl6pmhAW4iQPjEnwUD Kuk4NzolorNOZrLl92678RFxaTXm95mRGQGKCbk07mi/QU7ZS7onMlyQfhxkl7Cq1xWp I9qtVg6o45dGrhTtjIlM7wMkvczTIbOLxnyKetYk+yAT53v8AKjDk2yTRAJvvL7ucRjj LkIPG8YWZW7moCtSlMCKvUE18SU8YnwqEGF4/dtTc0AEXUdfhAW8/s+pk3VT/B9VGBvD Q77w==
X-Gm-Message-State: ALoCoQmg6j3V6RWbCVNFalQvNU/loL63mceC3w7tAHO7UD9bkpRJlzWqTqzvr3y4O0F/996IDr2T
X-Received: by 10.152.8.102 with SMTP id q6mr7580681laa.27.1431706816658; Fri, 15 May 2015 09:20:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.84.15 with HTTP; Fri, 15 May 2015 09:19:55 -0700 (PDT)
In-Reply-To: <0054C9EA-8CE5-49E4-8D4A-CBC29B19FDB2@pbnj-solutions.com>
References: <6A9C3116-8CC9-472C-8AA8-F555D060834C@vigilsec.com> <55351EAB.1060905@cs.tcd.ie> <E81896AA-245F-48B7-9B38-86AC30D2F82A@vigilsec.com> <553523E4.2090808@cs.tcd.ie> <84718B26-1DA3-4D46-8B6F-B615806229D7@vigilsec.com> <CABcZeBOy2yBEMGMxcDy=E3fvc+OF1sZfvOV7twJHAvKqtrxtLg@mail.gmail.com> <28919F11-9336-41F6-9922-4E3E2DC4E935@gmail.com> <BD7B96B1-CD50-408F-AA06-49C20AB102A6@vigilsec.com> <CA+9kkMAH+U25ZhLq1HhGFHKMAECu+Y1ZJH-h4bOrEXaUQ15LjQ@mail.gmail.com> <87d225qwbq.fsf@latte.josefsson.org> <B30EDBDF-0803-4AB0-9EBB-DD726F617C5B@vigilsec.com> <2dc5d20a27664efe994398ec508f0e7e@ustx2ex-dag1mb4.msg.corp.akamai.com> <1E6924DE-D59C-4323-9658-766937368B98@vigilsec.com> <7F45C649-4C78-441E-8649-45D0F74168C2@vigilsec.com> <m2617wyu1v.wl%randy@psg.com> <CA+9kkMA18=KBtSWnS3murcFT7tfxNAe1Oi2YFNSkhOXTPDAFTw@mail.gmail.com> <m24mngytae.wl%randy@psg.com> <CA+9kkMB4uYr1SVUEqFKOB7AmPe793Mb-zAVU0GCK5d=XH9rsCg@mail.gmail.com> <m23830ysez.wl%randy@psg.com> <87bnhl511t.fsf@alice.fifthhorseman.net> <0054C9EA-8CE5-49E4-8D4A-CBC29B19FDB2@pbnj-solutions.com>
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Fri, 15 May 2015 12:19:55 -0400
Message-ID: <CABtrr-V6BsgfNhfKQ2UqwevouBy4HxBDBk8_Z2Q8LeF7KbUCtw@mail.gmail.com>
To: Paul Winkeler <pwinkeler@pbnj-solutions.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/ZfvyusF9d8VI0IlZv5KlUcEeTAo>
Cc: Randy Bush <randy@psg.com>, Ted Hardie <ted.ietf@gmail.com>, IETF ACME <acme@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [Acme] Proposed ACME Charter Language
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2015 16:20:20 -0000

I think the point DKG was making is that if an attacker has private
key material you are lucky if they simply revoke your key, so yeah.

On Fri, May 15, 2015 at 12:16 PM, Paul Winkeler
<pwinkeler@pbnj-solutions.com>; wrote:
> Isn’t this a means to effect a denial of service attack?  End users maybe
> “smart” enough to click on the message that allows them to connect anyway,
> but there are many application stacks out there that fall apart once the
> certs that control their encrypted connections are revoked…
>
> On May 15, 2015, at 11:10, Daniel Kahn Gillmor <dkg@fifthhorseman.net>;
> wrote:
>
> If I compromise your secret key, the nicest possible thing i can do with
> it is get it revoked.  There is no reason to prevent this action from
> anyone who has access to the secret key.
>
>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>



-- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871