Re: [Cfrg] considering new topics for CFRG

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 06 January 2014 22:51 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ED441AE2A4 for <cfrg@ietfa.amsl.com>; Mon, 6 Jan 2014 14:51:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.438
X-Spam-Level:
X-Spam-Status: No, score=-2.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.538] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w5bSHu-DLx3d for <cfrg@ietfa.amsl.com>; Mon, 6 Jan 2014 14:51:11 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 2C9F71AE28D for <cfrg@irtf.org>; Mon, 6 Jan 2014 14:51:11 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 3E26FBE35; Mon, 6 Jan 2014 22:51:02 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EMCmHO+2ARu3; Mon, 6 Jan 2014 22:50:54 +0000 (GMT)
Received: from [10.87.48.14] (unknown [86.45.52.213]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 08900BE33; Mon, 6 Jan 2014 22:50:54 +0000 (GMT)
Message-ID: <52CB334D.9000703@cs.tcd.ie>
Date: Mon, 06 Jan 2014 22:50:53 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Paul Lambert <paul@marvell.com>, David McGrew <mcgrew@cisco.com>
References: <52C755AA.70200@cisco.com> <CEED2882.2B867%paul@marvell.com> <52C9F739.1020301@cisco.com> <7BAC95F5A7E67643AAFB2C31BEE662D018B7D6E094@SC-VEXCH2.marvell.com> <52CB30B4.9090206@cs.tcd.ie>
In-Reply-To: <52CB30B4.9090206@cs.tcd.ie>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Sean Turner <turners@ieca.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] considering new topics for CFRG
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jan 2014 22:51:13 -0000

Oops - and I forgot one of my own WGs:-) The DANE WG [0]
has developed PKI based on DNS and depending on DNSSEC
and is doing work on a few extensions still.

S.

[0] http://tools.ietf.org/wg/dane/


On 01/06/2014 10:39 PM, Stephen Farrell wrote:
> 
> 
> On 01/06/2014 08:32 PM, Paul Lambert wrote:
>>>> This is an intriguing thought, but probably something out of scope for
>>>> CFRG.   (Seems more like a PKNG thing if I understand you right.)
>>
>> There was an IETF PKNG that died with no visible results. 
> 
> That was an IRTF RG. IMO it never had a cadre of researchers
> nor a sufficient set of IETF participants who were interested
> in a nextgen thing.
> 
>> This is an area where the IETF seems either too unfocused or mired
>> in existing PKI to make progress.  Hence it's on my wish list ...
>> Let me know if you have any suggestion for other viable forums in IETF
>> for such a topic.
> 
> We have a list where we discussed certificate transparency but
> which has a broader remit. [1] That's discussing whether or
> not to start a new CT WG in the IETF at the moment.
> 
> There's the wpkops WG for operational issues related to the
> web PKI. [2] They could do with help in terms of cycles to do
> already-identified work (not hugely interesting for a
> security/crypto researcher though probably).
> 
> The PKIX list [3] is still open, and would be a good place to
> talk about any X.509-related PKI stuff. Not so good for non
> X.509 based PKI though maybe unless for an approach that's
> very much evolutionary and starts from X.509.
> 
> And there's the saag list [4] which is for general security
> topics if none of the above fit.
> 
> So stuff is happening and there are places to discuss and
> propose stuff. And Sean and I would be quite happy to try
> help PKI nextgen stuff progress in the IETF should there
> be credible proposals.
> 
> However, current PKI is not an easy thing to displace, no
> matter how much you dislike parts or all of it. The main
> reasons IMO are that replacements are likely to suffer a lot
> of the same (or equivalent) complexity since its a complex
> problem, and that any credible replacement will take at least
> a few years to work out and them 5-10 to get deployed which
> seems to be beyond the horizon for researchers (speaking as
> one who chases funding;-). One could argue that that's why
> of all the "large DB of public keys" approaches, only CT
> seems to be left standing.
> 
> One other thing - listing the problems with the current PKI
> is not likely to be a useful place to start. We know those,
> and any credible approach would start with a fairly well
> worked out proposal, including consideration of that 5-10
> year overlap period. Its not easy;-)
> 
> Having said all that though, CT is I think a good proof of
> concept that the large-DB-of-public-keys thing could be
> a runner, and we have learned a lot about the wrinkles in
> X.509 based PKI over the years so there is hope maybe.
> 
> S.
> 
> PS: For any of [1]-[4] please check the archives before
> diving in, or ask someone who might be familiar, which
> could include me.
> 
> [1] https://www.ietf.org/mailman/listinfo/therightkey
> [2] http://tools.ietf.org/wg/wpkops/
> [3] https://www.ietf.org/mailman/listinfo/pkix
> [4] https://www.ietf.org/mailman/listinfo/saag
> 
> 
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
> 
>