Re: [Cfrg] considering new topics for CFRG

"Max Pritikin (pritikin)" <> Wed, 08 January 2014 02:31 UTC

From: "Max Pritikin (pritikin)" <>
To: Stephen Farrell <>
Date: Wed, 08 Jan 2014 02:31:39 +0000
Cc: Sean Turner <>, "David McGrew (mcgrew)" <>, "" <>

With the advent of DICE (DTLS in Constrained Environments), and similar attempts to discuss optimizations, it would seem that any discussion of "next generation" PKI should include discussion on how to optimize the X.509 certificate/chain format. That appears to be missing in this conversation so far.

I agree that any replacement for our current PKI is going to run into the same complexities. So, rather than assume they don't exist, would it be reasonable to look at how to optimize the existing work? 

Some off the cuff examples to frame what I mean:
- Define a specific lightweight trust anchor format (yes, we can all use X.509 certs. But what about a canonical smaller format?) 
- Optimized version of the X.509 cert itself:
	Perhaps a compressed format similar to the (old, abandoned and incomplete) draft for compressed certs?
	Perhaps a v4 format that is restructured to provide easier/quicker parsing
	Or if a non-ASN1 format is truly preferred then such a format could be defined that can carry the same semantics as the existing PKI (namely, if the problem is ASN1 then we can fix that without also re-inventing all the rest)
Approaching the questions from this angle leads me to ask what _exactly_ the concerns with the current PKI are. Is it the ASN1, the CA infrastructure, the certificate chains, the cruft in each individual certificate, or? 


- max

On Jan 6, 2014, at 3:39 PM, Stephen Farrell <> wrote:

> On 01/06/2014 08:32 PM, Paul Lambert wrote:
>>>> This is an intriguing thought, but probably something out of scope for
>>>> CFRG.   (Seems more like a PKNG thing if I understand you right.)
>> There was an IETF PKNG that died with no visible results. 
> That was an IRTF RG. IMO it never had a cadre of researchers
> nor a sufficient set of IETF participants who were interested
> in a nextgen thing.
>> This is an area where the IETF seems either too unfocused or mired
>> in existing PKI to make progress.  Hence it's on my wish list ...
>> Let me know if you have any suggestion for other viable forums in IETF
>> for such a topic.
> We have a list where we discussed certificate transparency but
> which has a broader remit. [1] That's discussing whether or
> not to start a new CT WG in the IETF at the moment.
> There's the wpkops WG for operational issues related to the
> web PKI. [2] They could do with help in terms of cycles to do
> already-identified work (not hugely interesting for a
> security/crypto researcher though probably).
> The PKIX list [3] is still open, and would be a good place to
> talk about any X.509-related PKI stuff. Not so good for non
> X.509 based PKI though maybe unless for an approach that's
> very much evolutionary and starts from X.509.
> And there's the saag list [4] which is for general security
> topics if none of the above fit.
> So stuff is happening and there are places to discuss and
> propose stuff. And Sean and I would be quite happy to try
> help PKI nextgen stuff progress in the IETF should there
> be credible proposals.
> However, current PKI is not an easy thing to displace, no
> matter how much you dislike parts or all of it. The main
> reasons IMO are that replacements are likely to suffer a lot
> of the same (or equivalent) complexity since it's a complex
> problem, and that any credible replacement will take at least
> a few years to work out and then 5-10 to get deployed which
> seems to be beyond the horizon for researchers (speaking as
> one who chases funding;-). One could argue that that's why
> of all the "large DB of public keys" approaches, only CT
> seems to be left standing.
> One other thing - listing the problems with the current PKI
> is not likely to be a useful place to start. We know those,
> and any credible approach would start with a fairly well
> worked out proposal, including consideration of that 5-10
> year overlap period. It's not easy;-)
> Having said all that though, CT is I think a good proof of
> concept that the large-DB-of-public-keys thing could be
> a runner, and we have learned a lot about the wrinkles in
> X.509 based PKI over the years so there is hope maybe.
> S.
> PS: For any of [1]-[4] please check the archives before
> diving in, or ask someone who might be familiar, which
> could include me.
> [1]
> [2]
> [3]
> [4]