Re: [Bimi] Where do the signed certificates come from?
Dave Crocker <dhc@dcrocker.net> Wed, 13 February 2019 18:22 UTC
To: Thede Loder <thede=40skyelogicworks.com@dmarc.ietf.org>
Cc: Wei Chuang <weihaw@google.com>, "bimi@ietf.org" <bimi@ietf.org>, John R Levine <johnl@taugh.com>, Tim Hollebeek <tim.hollebeek@digicert.com>
References: <alpine.OSX.2.21.1902102338460.11704@ary.qy> <CAAFsWK2_wz94TudmZ+uiYd2rL9bs8GqR3WjLH0Uma1PDTc6Muw@mail.gmail.com> <BN6PR14MB1106027C827338A44EDBE5A583640@BN6PR14MB1106.namprd14.prod.outlook.com> <8ba3c80f-74d1-b739-070a-f0003eb82a22@dcrocker.net> <4FCA9CB5-56CE-4AC7-9BC1-1069777A9F95@skyelogicworks.com>
From: Dave Crocker <dhc@dcrocker.net>
Reply-To: dcrocker@bbiw.net
Organization: Brandenburg InternetWorking
Message-ID: <ebf7e79e-d651-f385-d0a7-e9a156a59013@dcrocker.net>
Date: Wed, 13 Feb 2019 10:22:19 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <4FCA9CB5-56CE-4AC7-9BC1-1069777A9F95@skyelogicworks.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/E5J5-BGfUAGXUizaDszRC4Jxf4E>
Subject: Re: [Bimi] Where do the signed certificates come from?

Thede,

On 2/13/2019 8:38 AM, Thede Loder wrote:
>> On Feb 11, 2019, at 16:14, Dave Crocker <dhc@dcrocker.net
>> What is the basis for thinking that this will work? At scale?
>
> Some reasons in favor of scale:

A goal for my question is thoughtful and focused consideration of the
issues. Long lists of unanchored references don't achieve that, even if
the list is in fact perfectly relevant. This is an exercise for which
giving the answer is simply not enough. We need to show our work.

So...

> * Unlike 30 years ago, there are now 50+ Certificate Authorities

30 years ago was a starting point. My comment was about 30 years of
history, not about the starting point. And my point was that though
X.500 certs were in fact originally intended to support this sort of
certification of 'interesting' attributes, over that entire 30 year
history, they have proved to be not up to the task.

So the question is why this proposed use will enjoy a better outcome?

Also note that there are massive problems with exposures and
misbehaviors of the CA operator mix. (Oddly, folks inside the security
community seem unaware of these problems, while folks outside the
security community seem to view them as obvious and massive.)

> spanning the globe and serving a mix of market constituents, large and
> small. Supporting VMCs are operationally incremental.

This being a technical forum, I hope we can avoid marketing language.

As for the technical point about being operationally incremental, I'm
not sure what you mean. Please be specific.

> * TLS certificates are well known to individuals and organizations large
> and small. They didn't even exist 30 years ago.

And yet the real-world semantics and efficacy of their use is
impressively narrow, and there is widespread bypassing of the
independent CA system.

> * the process for obtaining a Verified Mark Certificate is largely the same
> as obtaining a TLS certificate, and the extra steps will be readily
> understood by those responsible for the management of intellectual
> property. (At least for the first type of alternative identity
> contemplated)

The semantics for a VMC are significantly different than for a TLS cert.
The differences are important, as are the existing issues with getting
and using a TLS cert.

For the most part, the usual, reasonable benefit of a TLS cert is a
private connection to the site you intended. (And note that with the
popular use of self-signed certs even that benefit has some important
limitations.) That's quite different from trusting a displayed mark to
an end user.

>
> * DNS scales (or we have bigger problems)

I'll guess this should translate into: BIMI is built on top of an
existing platform of services that are known to scale well.

That's not an irrelevant point, but it's also not an interesting one for
this discussion, IMO, since that's not where the design and operations
concerns are.

> * Internet users want it - clear demand

That claim keeps being made but I've never seen any serious
documentation for it.

Worse is the question of efficacy. What is the end-user benefit in
having marks displayed? I'll suggest you point at, and comment on, the
considerable research about this point that was done when the BIMI
effort started a couple of years ago.

> * there is no "rocket science" involved; the formats, process and
> supporting technology are straightforward extensions and analogous to
> what is already in practice today

There is in fact quite a bit of rocket science. There is even a basis
for claiming that what is being attempted is beyond the state of the
art, based on historical performance.

The problem with claiming things are rosy is in looking at this
component or that rather than at the integrated system.

> * authentication schemes necessary for safe use a primary anticipated
> application having 2 billion users is already widely supported

This seems to be another component-level comment, but I'm not certain.
Hoping that you are not commenting on the underlying crypto algorithms,
I'll guess you mean SPF, DKIM and DMARC. If so, note the considerable
misunderstandings that are prevalent about their semantics and how much
broader the semantic of Bimi is, which suggests even more serious
misunderstandings.

> * trademarks scale. There are ~2M design marks with the USTO, estimated
> 20M world wide, and scalable processes and government support to handle
> increased demands. They have legal standing. Registration
> jurisdictions can be expressed as ISO country codes unambiguously

The internet is global. How things work in a particular country is
generally not that relevant to Internet standards work.

On this list already, others have already raised some points about
challenges in using trademarks within Bimi. And this topic has been
raised throughout the history of Bimi work. To date I haven't seen any
sort of comprehensive treatment of the concern that actually deals with
it. I believe that one of the submitted documents basically classes it
as 'for further work'.

FWIW: The string 'mark' doesn't appear in
draft-chuang-bimi-certificate-00, draft-chuang-bimi-certificate-00
It appears in draft-brotman-ietf-bimi-guidance-00 in a hypothetical
context.

So I assume the serious effort on this is in the nascent Verified Mark
Certificates Usage(*) document?

(Anecdote: In the pre-ICANN IAHC, which developed the term gTLD, the
model of registrar/registry split, and the concept of the UDRP, and for
which I was the editor, our first meeting included the representative of
the WTO suggesting we resolve the global DNS concerns about trademarks
by using international trademarks. Being a non-lawyer, I pretended
ignorance, noting that I thought trademarks were only national
constructs, and then I asked whether international trademarks already
existed. The WTO representative admitted they didn't but offered that
discussions were underway. I asked how long they had been going on for
and he said 100 years. So forgive me if I find myself rather more
skeptical about resolution of this topic than one might wish...)

> To the point of an existence proof, it would be impossible to have one
> prior to having it. But do we think CAs can issue millions or even
> billions of VM Certs? Sure.

My question really was about related work. To the extent that Bimi
relies on existing capabilities or makes relatively small adaptations to
existing capabilities, the only risk is in the increment.

To the extent that it is doing anything that really has no serious
precedent, the risk is obviously larger. The same holds for relying on
existing work that in fact has proved problematic.

d/

(*) https://docs.google.com/document/d/1OzL9FqexZpZJQuoqAK2E3sXjOwEcLNCvXW7e88Olt2I/edit#heading=h.h31mzi4ac5st

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net