Re: [Cfrg] considering new topics for CFRG

"Max Pritikin (pritikin)" <> Wed, 08 January 2014 16:30 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 9BF261ADFA2 for <>; Wed, 8 Jan 2014 08:30:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -15.039
X-Spam-Status: No, score=-15.039 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mpP5CIqEuv2P for <>; Wed, 8 Jan 2014 08:30:03 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 1F1741ADF66 for <>; Wed, 8 Jan 2014 08:30:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=1422; q=dns/txt; s=iport; t=1389198594; x=1390408194; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=6DBxeL+lKPDR2SQSsHv10CarXMuR9XkxzOmwz4F3dBE=; b=iNSAZecdnf9THL9ljQ7LDrk8zJoP34LYpaljVEwAyCJMtq0PdKwrdZFf t0C7fiCLSdHwH3+KBta+nrFS2t0iQDLUCd33BkuqMKu6W3NKKREdxDfL5 09ZwwUlMtYgo0Nu1f7Um5AyrNqzmSUxw+YTCr5nuTv6IiURgUp7leVMi6 c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="4.95,625,1384300800"; d="scan'208";a="296066907"
Received: from ([]) by with ESMTP; 08 Jan 2014 16:29:53 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id s08GTr4e012812 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 8 Jan 2014 16:29:53 GMT
Received: from ([]) by ([]) with mapi id 14.03.0123.003; Wed, 8 Jan 2014 10:29:53 -0600
From: "Max Pritikin (pritikin)" <>
To: Sean Turner <>
Thread-Topic: [Cfrg] considering new topics for CFRG
Date: Wed, 08 Jan 2014 16:29:52 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "David McGrew (mcgrew)" <>, "" <>
Subject: Re: [Cfrg] considering new topics for CFRG
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 08 Jan 2014 16:30:04 -0000

re: X509 PKI update discussion

We can (and probably will) quibble about the details in an other forum than CFRG. I'll watch for the conversation and am pleased to know Sean is keeping a list. 

On Jan 8, 2014, at 8:29 AM, Sean Turner <>

>> Again though, I don't think thrashing out the pros and cons
>> of X.509 on this list is a good plan.

Fair enough, the conversation steered that way but I'm happy to move to an alternate location.

The discussion started here is a good one. With DICE requiring DTLS and w TLS 1.3 ongoing the timing might be right.  

>> Better would be for a
>> bunch of really-interested parties to go into a huddle and
>> come up with a worked out proposal. (But if a bunch of
>> semi-interested parties ask for a new list to talk about
>> this, I've no problem helping that happen, though wouldn't
>> be very hopeful of a useful outcome.)
> I’m keeping  list now :)
> spt

I'm tentatively in agreement with much of the discussion so far. Particularly regarding the various and multiple principle name issues.

I'd like to add though that "PKI" includes more than just the "global internet" use case that has been much discussed. A valid use case we also need to consider involves enterprise specific key infrastructures.

I'll watch for the continued conversation elsewhere. Cheers,

- max