Re: [Cfrg] Wack-A-Mole and PKEX 3.0 -> Re: Fwd: New Version Notification for draft-harkins-pkex-00.txt

Andy Lutomirski <> Tue, 13 September 2016 23:24 UTC

From: Andy Lutomirski <>
Date: Tue, 13 Sep 2016 16:24:12 -0700
To: Dan Harkins <>
Cc: "Adrangi, Farid" <>, "" <>
Subject: Re: [Cfrg] Wack-A-Mole and PKEX 3.0 -> Re: Fwd: New Version Notification for draft-harkins-pkex-00.txt
List-Id: Crypto Forum Research Group <>

On Tue, Sep 13, 2016 at 4:17 PM, Dan Harkins <> wrote:
> On 9/13/16 3:36 PM, Andy Lutomirski wrote:
>> What I'm saying is: I don't see why a newly-designed enrollment
>> protocol should attempt to prevent you from getting a certificate for
>> your own domain that references Google's public key.  Google's
>> security is not compromised if you possess a certificate for
>> that has Google's public key listed.
>   For one thing, a CA is only as good as its word. And if it allows people
> to get certificates for identities that bind to other people's public keys
> then its word is shit.
>   So let's say you're doing some work for an int'l human rights organization.
> But now you've been caught with kiddie porn and are being blackmailed by the
> authorities. Now the gov't is trying to force you to get a certificate
> with your identity (what you refer to as "your own domain") but with a
> public key that belongs to the FBI (what you refer to as "Google's public
> key"). This will allow the FBI to connect to the human rights group (since
> it has the private key) and the human rights group will treat any
> authenticated connection as being you and not the FBI. Oops!

I don't see how confirming access to the private key helps.  Wouldn't
the gov't just force the victim to get a certificate with a fresh key
and then give the private key to the FBI?  Or, even better, force the
victim to give their existing private key to the FBI, thus preventing
any funny business at all from being seen in the CT logs?
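The check the two messages above are arguing about, as an added worked example that is not part of the thread: a CA's proof-of-possession check, modelled here with an ordinary self-signed CSR and Go's standard library rather than with PKEX itself. The name "victim.example", the two key pairs and the spliceCSR helper are constructed for the example; the three cases are the ones the exchange describes (enrolling your own key, enrolling someone else's public key without their private key, and enrolling a key whose private half has been handed over).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// rawCSR mirrors the outer CertificationRequest SEQUENCE of RFC 2986:
// the signed TBS body (name, public key, attributes), the signature
// algorithm and the signature, each kept as opaque DER so the pieces
// can be recombined byte-for-byte.
type rawCSR struct {
	TBS    asn1.RawValue
	SigAlg asn1.RawValue
	Sig    asn1.RawValue
}

// newCSR builds a CSR naming `name` that carries key's public half and is
// signed with key: the usual self-signed CSR, which is also the requester's
// proof of possession of the private key.
func newCSR(name string, key *ecdsa.PrivateKey) (*x509.CertificateRequest, error) {
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: name},
		DNSNames: []string{name},
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der)
}

// spliceCSR (constructed helper) keeps the TBS body of `claimed`, whose
// public key the requester does not hold, and attaches the signature from
// `signed`, made with a key the requester does hold. It is the request
// someone would submit to bind their own name to somebody else's key.
func spliceCSR(claimed, signed *x509.CertificateRequest) (*x509.CertificateRequest, error) {
	var c, s rawCSR
	if _, err := asn1.Unmarshal(claimed.Raw, &c); err != nil {
		return nil, err
	}
	if _, err := asn1.Unmarshal(signed.Raw, &s); err != nil {
		return nil, err
	}
	s.TBS = c.TBS // claimed body, signed's signature
	der, err := asn1.Marshal(s)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der)
}

// caAccepts is the proof-of-possession check: the CSR's signature must
// verify over its TBS body under the public key the CSR itself carries.
func caAccepts(csr *x509.CertificateRequest) bool {
	return csr.CheckSignature() == nil
}

// scenarios plays out the three cases from the thread. "victim" is the
// coerced requester; "fbi" holds the key the requester is pushed to enrol.
func scenarios() (honest, spliced, coerced bool, err error) {
	victim, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	fbi, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	const name = "victim.example" // constructed identity

	// 1. Victim enrols their own key.
	own, err := newCSR(name, victim)
	if err != nil {
		return
	}
	// 2. Victim's name with the FBI's public key, but the FBI never signed:
	//    the signature is victim's, over a different body.
	fbiBody, err := newCSR(name, fbi)
	if err != nil {
		return
	}
	forged, err := spliceCSR(fbiBody, own)
	if err != nil {
		return
	}
	// 3. The private key is handed over (or a fresh one is enrolled and then
	//    handed over): the CSR is genuinely signed by the key it carries, so
	//    the CA sees exactly what an honest requester would send.
	return caAccepts(own), caAccepts(forged), caAccepts(fbiBody), nil
}

func main() {
	honest, spliced, coerced, err := scenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("own key, own signature:      accepted=%v\n", honest)
	fmt.Printf("FBI key, victim signature:   accepted=%v\n", spliced)
	fmt.Printf("FBI key, FBI signature:      accepted=%v\n", coerced)
}
```

Run as is: case 1 and case 3 are accepted, case 2 is rejected. The check does stop the literal request in Dan's scenario (a name bound to a key the requester cannot sign with), which is what the first message is defending; it cannot distinguish case 3 from case 1, which is what the reply is pointing at. What the check is worth therefore depends on whether the threat model includes a private key that leaves the requester's hands.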