Re: [Cfrg] considering new topics for CFRG

Stephen Farrell <> Mon, 06 January 2014 22:40 UTC

To: Paul Lambert, David McGrew
Cc: Sean Turner

On 01/06/2014 08:32 PM, Paul Lambert wrote:
>> > This is an intriguing thought, but probably something out of scope for
>> > CFRG.   (Seems more like a PKNG thing if I understand you right.)
> There was an IETF PKNG that died with no visible results. 

That was an IRTF RG. IMO it never had a cadre of researchers
nor a sufficient set of IETF participants who were interested
in a nextgen thing.

> This is an area where the IETF seems either too unfocused or mired
> in existing PKI to make progress.  Hence it's on my wish list ...
> Let me know if you have any suggestion for other viable forums in IETF
> for such a topic.

We have a list where we discussed certificate transparency but
which has a broader remit. [1] That's discussing whether or
not to start a new CT WG in the IETF at the moment.

There's the wpkops WG for operational issues related to the
web PKI. [2] They could do with help in terms of cycles to do
already-identified work (not hugely interesting for a
security/crypto researcher though probably).

The PKIX list [3] is still open, and would be a good place to
talk about any X.509-related PKI stuff. Not so good for non
X.509 based PKI though maybe unless for an approach that's
very much evolutionary and starts from X.509.

And there's the saag list [4] which is for general security
topics if none of the above fit.

So stuff is happening and there are places to discuss and
propose stuff. And Sean and I would be quite happy to try
help PKI nextgen stuff progress in the IETF should there
be credible proposals.

However, current PKI is not an easy thing to displace, no
matter how much you dislike parts or all of it. The main
reasons IMO are that replacements are likely to suffer a lot
of the same (or equivalent) complexity since it's a complex
problem, and that any credible replacement will take at least
a few years to work out and then 5-10 to get deployed which
seems to be beyond the horizon for researchers (speaking as
one who chases funding;-). One could argue that that's why
of all the "large DB of public keys" approaches, only CT
seems to be left standing.

One other thing - listing the problems with the current PKI
is not likely to be a useful place to start. We know those,
and any credible approach would start with a fairly well
worked out proposal, including consideration of that 5-10
year overlap period. It's not easy;-)

Having said all that though, CT is I think a good proof of
concept that the large-DB-of-public-keys thing could be
a runner, and we have learned a lot about the wrinkles in
X.509 based PKI over the years so there is hope maybe.


PS: For any of [1]-[4] please check the archives before
diving in, or ask someone who might be familiar, which
could include me.