Re: [Cfrg] considering new topics for CFRG
"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Tue, 07 January 2014 03:50 UTC
Return-Path: <prvs=608497cfae=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 279201AE40E for <cfrg@ietfa.amsl.com>; Mon, 6 Jan 2014 19:50:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.24
X-Spam-Level:
X-Spam-Status: No, score=-4.24 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_MID=0.497, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xeMmgqr7ppf6 for <cfrg@ietfa.amsl.com>; Mon, 6 Jan 2014 19:50:12 -0800 (PST)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by ietfa.amsl.com (Postfix) with ESMTP id A7A7E1AE40A for <cfrg@irtf.org>; Mon, 6 Jan 2014 19:50:12 -0800 (PST)
Received: from LLE2K7-HUB01.mitll.ad.local (LLE2K7-HUB01.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id s073nrup012840; Mon, 6 Jan 2014 22:49:53 -0500
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: "'stephen.farrell@cs.tcd.ie'" <stephen.farrell@cs.tcd.ie>, "'paul@marvell.com'" <paul@marvell.com>, "'mcgrew@cisco.com'" <mcgrew@cisco.com>
Date: Mon, 06 Jan 2014 22:49:52 -0500
Thread-Topic: [Cfrg] considering new topics for CFRG
Thread-Index: Ac8LMDyTzjNhgerlTi6M2ShYDbMAhgAK0idY
In-Reply-To: <52CB30B4.9090206@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.87, 1.0.14, 0.0.0000 definitions=2014-01-07_01:2014-01-07, 2014-01-07, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1401060225
Cc: "'turners@ieca.com'" <turners@ieca.com>, "'cfrg@irtf.org'" <cfrg@irtf.org>
Subject: Re: [Cfrg] considering new topics for CFRG
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 03:50:15 -0000
X-Message-ID:
Message-ID: <20140418010531.2560.42527.ARCHIVE@ietfa.amsl.com>
Next Gen PKI is of interest to me, and I'd be happy to contribute. I've published a paper in 2010, mentioning the directions I thought beneficial, and am working on a new revision. I think it would be directly applicable, and hopefully useful. Caveat: if my current employer decides that for whatever reason I should not participate, they can stop me. -- Regards, Uri Blumenthal Voice: (781) 981-1638 Cyber Systems and Technology Fax: (781) 981-0186 MIT Lincoln Laboratory Cell: (339) 223-5363 244 Wood Street Email: <uri@ll.mit.edu> Lexington, MA 02420-9185 Web: http://www.ll.mit.edu/CST/ MIT LL Root CA: <https://www.ll.mit.edu/labcertificateauthority.html> DSN: 478-5980 ask Lincoln ext.1638 ----- Original Message ----- From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] Sent: Tuesday, January 07, 2014 04:09 AM To: Paul Lambert <paul@marvell.com>; David McGrew <mcgrew@cisco.com> Cc: Sean Turner <turners@ieca.com>; cfrg@irtf.org <cfrg@irtf.org> Subject: Re: [Cfrg] considering new topics for CFRG On 01/06/2014 08:32 PM, Paul Lambert wrote: >> > This is an intriguing thought, but probably something out of scope for >> > CFRG. (Seems more like a PKNG thing if I understand you right.) > > There was an IETF PKNG that died with no visible results. That was an IRTF RG. IMO it never had a cadre of researchers nor a sufficient set of IETF participants who were interested in a nextgen thing. > This is an area where the IETF seems either too unfocused or mired > in existing PKI to make progress. Hence it's on my wish list ... > Let me know if you have any suggestion for other viable forums in IETF > for such a topic. We have a list where we discussed certificate transparency but which has a broader remit. [1] That's discussing whether or not to start a new CT WG in the IETF at the moment. There's the wpkops WG for operational issues related to the web PKI. [2] They could do with help in terms of cycles to do already-identified work (not hugely interesting for a security/crypto researcher though probably). The PKIX list [3] is still open, and would be a good place to talk about any X.509-related PKI stuff. Not so good for non X.509 based PKI though maybe unless for an approach that's very much evolutionary and starts from X.509. And there's the saag list [4] which is for general security topics if none of the above fit. So stuff is happening and there are places to discuss and propose stuff. And Sean and I would be quite happy to try help PKI nextgen stuff progress in the IETF should there be credible proposals. However, current PKI is not an easy thing to displace, no matter how much you dislike parts or all of it. The main reasons IMO are that replacements are likely to suffer a lot of the same (or equivalent) complexity since its a complex problem, and that any credible replacement will take at least a few years to work out and them 5-10 to get deployed which seems to be beyond the horizon for researchers (speaking as one who chases funding;-). One could argue that that's why of all the "large DB of public keys" approaches, only CT seems to be left standing. One other thing - listing the problems with the current PKI is not likely to be a useful place to start. We know those, and any credible approach would start with a fairly well worked out proposal, including consideration of that 5-10 year overlap period. Its not easy;-) Having said all that though, CT is I think a good proof of concept that the large-DB-of-public-keys thing could be a runner, and we have learned a lot about the wrinkles in X.509 based PKI over the years so there is hope maybe. S. PS: For any of [1]-[4] please check the archives before diving in, or ask someone who might be familiar, which could include me. [1] https://www.ietf.org/mailman/listinfo/therightkey [2] http://tools.ietf.org/wg/wpkops/ [3] https://www.ietf.org/mailman/listinfo/pkix [4] https://www.ietf.org/mailman/listinfo/saag _______________________________________________ Cfrg mailing list Cfrg@irtf.org http://www.irtf.org/mailman/listinfo/cfrg
- Re: [Cfrg] considering new topics for CFRG David McGrew
- Re: [Cfrg] considering new topics for CFRG David McGrew
- Re: [Cfrg] considering new topics for CFRG Trevor Perrin
- [Cfrg] considering new topics for CFRG David McGrew
- Re: [Cfrg] considering new topics for CFRG Sean Turner
- Re: [Cfrg] considering new topics for CFRG Henrick Hellström
- Re: [Cfrg] considering new topics for CFRG David Wagner
- Re: [Cfrg] considering new topics for CFRG Henrick Hellström
- Re: [Cfrg] considering new topics for CFRG Henrick Hellström
- Re: [Cfrg] considering new topics for CFRG Paul Lambert
- Re: [Cfrg] considering new topics for CFRG David McGrew
- Re: [Cfrg] considering new topics for CFRG Paul Lambert
- Re: [Cfrg] considering new topics for CFRG Stephen Farrell
- Re: [Cfrg] considering new topics for CFRG William Whyte
- Re: [Cfrg] considering new topics for CFRG Stephen Farrell
- Re: [Cfrg] considering new topics for CFRG Watson Ladd
- Re: [Cfrg] considering new topics for CFRG Paul Lambert
- Re: [Cfrg] considering new topics for CFRG Dan Brown
- Re: [Cfrg] considering new topics for CFRG Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] considering new topics for CFRG Paul Lambert
- Re: [Cfrg] considering new topics for CFRG William Whyte
- Re: [Cfrg] considering new topics for CFRG Max Pritikin (pritikin)
- Re: [Cfrg] considering new topics for CFRG Watson Ladd
- Re: [Cfrg] considering new topics for CFRG Sean Turner
- Re: [Cfrg] considering new topics for CFRG Sean Turner
- Re: [Cfrg] considering new topics for CFRG Adam Back
- [Cfrg] QKD is pointless (was: Re: considering new… David McGrew
- Re: [Cfrg] considering new topics for CFRG Stephen Farrell
- Re: [Cfrg] QKD is pointless (was: Re: considering… Paterson, Kenny
- Re: [Cfrg] QKD is pointless (was: Re: considering… Sean Turner
- Re: [Cfrg] considering new topics for CFRG Sean Turner
- Re: [Cfrg] considering new topics for CFRG Max Pritikin (pritikin)
- Re: [Cfrg] considering new topics for CFRG Dan Brown
- Re: [Cfrg] considering new topics for CFRG Paul Lambert
- Re: [Cfrg] QKD is pointless (was: Re: considering… Igoe, Kevin M.
- Re: [Cfrg] QKD is pointless (was: Re: considering… Igoe, Kevin M.
- Re: [Cfrg] QKD is pointless (was: Re: considering… Watson Ladd
- [Cfrg] DANE in the IETF (was: Re: considering new… Paul Hoffman
- [Cfrg] One Key -> RE: considering new topics for … Paul Lambert
- Re: [Cfrg] QKD is pointless (was: Re: considering… Paul Lambert
- [Cfrg] ReL DANE in the IETF (was: Re: considering… Paul Hoffman
- Re: [Cfrg] QKD is pointless David McGrew
- Re: [Cfrg] QKD is pointless Hilarie Orman
- [Cfrg] likelihood that someone has a quantum comp… David McGrew
- Re: [Cfrg] considering new topics for CFRG dan
- Re: [Cfrg] likelihood that someone has a quantum … David Jacobson
- Re: [Cfrg] likelihood that someone has a quantum … William Whyte
- Re: [Cfrg] likelihood that someone has a quantum … Watson Ladd
- Re: [Cfrg] likelihood that someone has a quantum … Yoav Nir
- Re: [Cfrg] likelihood that someone has a quantum … Stephen Farrell
- Re: [Cfrg] likelihood that someone has a quantum … William Whyte
- Re: [Cfrg] likelihood that someone has a quantum … David McGrew
- Re: [Cfrg] likelihood that someone has a quantum … David McGrew
- Re: [Cfrg] likelihood that someone has a quantum … William Whyte
- Re: [Cfrg] likelihood that someone has a quantum … arne renkema-padmos
- Re: [Cfrg] likelihood that someone has a quantum … Igoe, Kevin M.
- Re: [Cfrg] QKD is pointless David Wagner
- Re: [Cfrg] likelihood that someone has a quantum … William Whyte
- Re: [Cfrg] likelihood that someone has a quantum … William Whyte
- Re: [Cfrg] likelihood that someone has a quantum … William Whyte
- Re: [Cfrg] likelihood that someone has a quantum … David McGrew
- Re: [Cfrg] likelihood that someone has a quantum … arne renkema-padmos
- Re: [Cfrg] considering new topics for CFRG Paul Lambert
- Re: [Cfrg] considering new topics for CFRG Igoe, Kevin M.
- Re: [Cfrg] considering new topics for CFRG Paul Lambert
- Re: [Cfrg] considering new topics for CFRG David McGrew
- [Cfrg] 'key centric' architecture (was: Re: consi… Rene Struik
- Re: [Cfrg] 'key centric' architecture (was: Re: c… Richard Barnes
- Re: [Cfrg] considering new topics for CFRG David McGrew