Re: Security for various IETF services

Phillip Hallam-Baker <> Thu, 10 April 2014 14:57 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id A2EC61A0224 for <>; Thu, 10 Apr 2014 07:57:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JtsPK09HcKfp for <>; Thu, 10 Apr 2014 07:57:15 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4010:c04::22d]) by (Postfix) with ESMTP id 66E4D1A01DC for <>; Thu, 10 Apr 2014 07:57:15 -0700 (PDT)
Received: by with SMTP id p9so2387385lbv.4 for <>; Thu, 10 Apr 2014 07:57:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=aMlXe5673i3+2xr8u44ju/1x8PZjN0B9UN63dS7hTlo=; b=orvu8afYLUoA/xvnb5QIN56p4Fa3bHPTjB9Xnq247zBrs96cLJdPVl+VVpnBy5wkDB hLi2YkRiIiy3P/6t+gxeLmV5Lxs2X/m2ZQuUPo8ReOXAKdMOFbHYWMvQQBfLWursKgRS OcAKbJ00LsJRw8eNA7/8k8uqVYj5+Nq+kvdqXZp++wBli8zk/9bLSv4bjTnoByZmwXuh PhfQTBmrQCR3JWKmRjSN8sAyajEIgTfebyDbN2/dutEIX05uaT9OuSHeqoVIQeqj5vcn lTgQJzBoCxkHDARJ0J9loueFWqaIf2r6wFfoOLAkTE51a4Rwb29/+eL+18Oy5u+5lOan SOUQ==
MIME-Version: 1.0
X-Received: by with SMTP id uh5mr392257lac.64.1397141833683; Thu, 10 Apr 2014 07:57:13 -0700 (PDT)
Received: by with HTTP; Thu, 10 Apr 2014 07:57:13 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <>
Date: Thu, 10 Apr 2014 10:57:13 -0400
Message-ID: <>
Subject: Re: Security for various IETF services
From: Phillip Hallam-Baker <>
To: Steve Crocker <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: Noel Chiappa <>, Theodore Ts'o <>, IETF Discussion Mailing List <>, David Crocker <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 10 Apr 2014 14:57:20 -0000

On Wed, Apr 9, 2014 at 4:15 PM, Steve Crocker <> wrote:
> My own opinion is related but not identical.  I agree solutions 1 and 3 are failures; 1 doesn’t provide the trust and 3 doesn’t scale.  Solution 2 is also problematic because the government tends to overreach and there isn’t a single government.
> DNSSEC provides a base platform to build upon.  It doesn’t claim to provide the level of trust the CA system tried to provide.  That’s a key strength, not a weakness.

I agree as long as you continue to use the indefinite article. DNSSEC
is A platform to build on, so is PGP and so is S/MIME. There is
actually a considerable built out base of S/MIME that is just as large
as PGP and in fact gets a lot more use.

On Monday I was in a room where over half the audience put their hand
up when I asked it they had used encrypted mail that week.

The way forward as I see it is to separate out the trust model
question from the steps necessary to support encryption in the client.
At the very least for development purposes. My prototype is designed
to allow anyone to plug their favorite trust model in as a web
service. So we can share 95% of the code that is the hardest to write
and has to be supported on every platform. We only need to implement
the 5% where the difference lies.

Given this week's Heartbleed news, I think we can stop hearing
conclusions drawn from DigiNotar. No crypto is ever going to be
perfect, get over it. If people want to hold CAs up to a 'zero
tolerance' standard, thats fine. Just make sure you hold OpenSSL up to
the same standard and pull them from the code base as well. And kick
anyone who might have been implicated in an NSA plot out of the IETF.
And stop using all their specs. And.. and., and..

The problem with the CA model for email is that as a CA it is really
difficult for me to actually validate individuals. The best I can do
is to check their government issued ID. Which really does not help me
in a country like Iran. The CA model does give me a lot of leverage if
I am looking to authenticate an institution however.

Web of trust has a scaling problem that I illustrate in the video.
Basically a web of trust with 1000 members that is ten hops away from
me has a work factor of essentially zero as I have no way to tell if
it is genuine or fake. But the curious thing is that if we combine the
two models, the work factor for the attacker increases over the CA
model alone and we get scaling. If there are 50 members of that web of
trust with CA validated certificates with a work factor of X, the web
of trust might have an average work factor approaching 20-30X for a
given cert.