Re: [Cfrg] considering new topics for CFRG

Sean Turner <TurnerS@ieca.com> Wed, 08 January 2014 15:29 UTC

Return-Path: <TurnerS@ieca.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 405B61ADED5 for <cfrg@ietfa.amsl.com>; Wed, 8 Jan 2014 07:29:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Level:
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JHWgZjMSk6uA for <cfrg@ietfa.amsl.com>; Wed, 8 Jan 2014 07:29:48 -0800 (PST)
Received: from gateway03.websitewelcome.com (gateway03.websitewelcome.com [69.93.37.25]) by ietfa.amsl.com (Postfix) with ESMTP id 78F5C1ADF5A for <cfrg@irtf.org>; Wed, 8 Jan 2014 07:29:48 -0800 (PST)
Received: by gateway03.websitewelcome.com (Postfix, from userid 5007) id 2AFA0EF7C2618; Wed, 8 Jan 2014 09:29:39 -0600 (CST)
Received: from gator3286.hostgator.com (gator3286.hostgator.com [198.57.247.250]) by gateway03.websitewelcome.com (Postfix) with ESMTP id 0993BEF7C25C3 for <cfrg@irtf.org>; Wed, 8 Jan 2014 09:29:39 -0600 (CST)
Received: from [173.73.130.192] (port=54480 helo=[192.168.1.4]) by gator3286.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80) (envelope-from <TurnerS@ieca.com>) id 1W0v4c-0000xg-1Z; Wed, 08 Jan 2014 09:29:38 -0600
Content-Type: multipart/signed; boundary="Apple-Mail=_CC1D7A6E-D5A4-489C-A5E2-F18A717703A3"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Sean Turner <TurnerS@ieca.com>
In-Reply-To: <52CD31F9.4030302@cs.tcd.ie>
Date: Wed, 08 Jan 2014 10:29:34 -0500
Message-Id: <491C2306-0FB5-4EA8-B918-C20B75767D4D@ieca.com>
References: <52C755AA.70200@cisco.com> <CEED2882.2B867%paul@marvell.com> <52C9F739.1020301@cisco.com> <7BAC95F5A7E67643AAFB2C31BEE662D018B7D6E094@SC-VEXCH2.marvell.com> <52CB30B4.9090206@cs.tcd.ie> <91BE5B4B-AE45-4C05-A423-EDF744A54766@cisco.com> <52CD31F9.4030302@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1827)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator3286.hostgator.com
X-AntiAbuse: Original Domain - irtf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source-IP: 173.73.130.192
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([192.168.1.4]) [173.73.130.192]:54480
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 8
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IzMjg2Lmhvc3RnYXRvci5jb20=
Cc: David McGrew <mcgrew@cisco.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] considering new topics for CFRG
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jan 2014 15:29:51 -0000

On Jan 08, 2014, at 06:09, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> 
> Hi Max,
> 
> On 01/08/2014 02:31 AM, Max Pritikin (pritikin) wrote:
>> 
>> With the advent of DICE (DTLS in Constrained Environments), and
>> similar attempts to discuss optimizations, it would seem that any
>> discussion of "next generation" PKI discussions should include
>> discussion on how to optimize the X.509 certificate/chain format.
>> That appears to be missing in this conversation so far.
> 
> True. OTOH, DICE is definitely predicated on DTLS so any
> discussion on cert formats for that would fit into the TLS
> WG discussion on 1.3. I've not however seen that listed on
> any 1.3 wish-list so far so it seems unlikely to me at
> least that DICE will push things along here.
> 
>> I agree that any replacement for our current PKI is going to run into
>> the same complexities. So, rather than assume they don't exist, would
>> it be reasonable to look at how to optimize the existing work?
> 
> I'm not sure. I think that might run the risk of inheriting
> all the warts (e.g. policy mapping, the N-R bit) without
> providing much incentive to change. When we were working on
> RFC3280bis (which became 5280) we did try to do as much of
> that as we could, but very few simplifications turned out
> to be possible. It is fair to say though that a lot of the
> real practical problems had not really bitten folks at
> that stage though, so I guess its possible that the same
> exercise done now might pay off.
> 
>> Some off the cuff examples to frame what I mean: - Define a specific
>> lightweight trust anchor format (yes, we can all use X.509 certs. But
>> what about a canonical smaller format?) - Optimized version of the
>> X.509 cert itself: Perhaps a compressed format similar to the (old,
>> abandoned and incomplete)
>> http://tools.ietf.org/html/draft-pritikin-comp-x509-00 draft for
>> compressed certs? Perhaps a v4 format that is restructured to provide
>> easier/quicker parsing Or if a non-ASN1 format is truly preferred
>> then such a format could be defined that is can carry the same
>> semantics as the existing PKI (namely, if the problem is ASN1 then we
>> can fix that without also re-inventing all the rest)  Approaching the
>> questions from this angle leads me to ask what _exactly_ the concerns
>> with the current PKI are. Is it the ASN1, the CA infrastructure, the
>> certificate chains, the cruft in each individual certificate, or?
> 
> Personally, I think the main problems with X.509 PKI to date
> have been around (the need for, and absence of widely supported
> standard for) enrollment and (particularly name) constraints
> when there are many CAs. Dealing with ASN.1 is a PITA, but a
> well-known one, so that'd be low down on my list anyway. I
> know you've spent a lot of effort trying to help with the
> enrollment problem with EST and I do hope that works out,
> but we don't know yet.
> 
> Again though, I don't think thrashing out the pros and cons
> of X.509 on this list is a good plan. Better would be for a
> bunch of really-interested parties to go into a huddle and
> come up with a worked out proposal. (But if a bunch of
> semi-interested parties ask for a new list to talk about
> this, I've no problem helping that happen, though wouldn't
> be very hopeful of a useful outcome.)

I’m keeping  list now :)

spt

> S.
> 
>> 
>> Thanks,
>> 
>> - max
>> 
>> 
>> 
>> On Jan 6, 2014, at 3:39 PM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote:
>> 
>>> 
>>> 
>>> On 01/06/2014 08:32 PM, Paul Lambert wrote:
>>>>>> This is an intriguing thought, but probably something out of
>>>>>> scope for CFRG.   (Seems more like a PKNG thing if I
>>>>>> understand you right.)
>>>> 
>>>> There was an IETF PKNG that died with no visible results.
>>> 
>>> That was an IRTF RG. IMO it never had a cadre of researchers nor a
>>> sufficient set of IETF participants who were interested in a
>>> nextgen thing.
>>> 
>>>> This is an area where the IETF seems either too unfocused or
>>>> mired in existing PKI to make progress.  Hence it's on my wish
>>>> list ... Let me know if you have any suggestion for other viable
>>>> forums in IETF for such a topic.
>>> 
>>> We have a list where we discussed certificate transparency but 
>>> which has a broader remit. [1] That's discussing whether or not to
>>> start a new CT WG in the IETF at the moment.
>>> 
>>> There's the wpkops WG for operational issues related to the web
>>> PKI. [2] They could do with help in terms of cycles to do 
>>> already-identified work (not hugely interesting for a 
>>> security/crypto researcher though probably).
>>> 
>>> The PKIX list [3] is still open, and would be a good place to talk
>>> about any X.509-related PKI stuff. Not so good for non X.509 based
>>> PKI though maybe unless for an approach that's very much
>>> evolutionary and starts from X.509.
>>> 
>>> And there's the saag list [4] which is for general security topics
>>> if none of the above fit.
>>> 
>>> So stuff is happening and there are places to discuss and propose
>>> stuff. And Sean and I would be quite happy to try help PKI nextgen
>>> stuff progress in the IETF should there be credible proposals.
>>> 
>>> However, current PKI is not an easy thing to displace, no matter
>>> how much you dislike parts or all of it. The main reasons IMO are
>>> that replacements are likely to suffer a lot of the same (or
>>> equivalent) complexity since its a complex problem, and that any
>>> credible replacement will take at least a few years to work out and
>>> them 5-10 to get deployed which seems to be beyond the horizon for
>>> researchers (speaking as one who chases funding;-). One could argue
>>> that that's why of all the "large DB of public keys" approaches,
>>> only CT seems to be left standing.
>>> 
>>> One other thing - listing the problems with the current PKI is not
>>> likely to be a useful place to start. We know those, and any
>>> credible approach would start with a fairly well worked out
>>> proposal, including consideration of that 5-10 year overlap period.
>>> Its not easy;-)
>>> 
>>> Having said all that though, CT is I think a good proof of concept
>>> that the large-DB-of-public-keys thing could be a runner, and we
>>> have learned a lot about the wrinkles in X.509 based PKI over the
>>> years so there is hope maybe.
>>> 
>>> S.
>>> 
>>> PS: For any of [1]-[4] please check the archives before diving in,
>>> or ask someone who might be familiar, which could include me.
>>> 
>>> [1] https://www.ietf.org/mailman/listinfo/therightkey [2]
>>> http://tools.ietf.org/wg/wpkops/ [3]
>>> https://www.ietf.org/mailman/listinfo/pkix [4]
>>> https://www.ietf.org/mailman/listinfo/saag
>>> 
>>> 
>>> 
>>> _______________________________________________ Cfrg mailing list 
>>> Cfrg@irtf.org http://www.irtf.org/mailman/listinfo/cfrg
>>