Re: Security for various IETF services

Phillip Hallam-Baker <> Thu, 10 April 2014 14:35 UTC

To: Dave Crocker <>
Cc: Noel Chiappa <>, IETF Discussion Mailing List <>

On Wed, Apr 9, 2014 at 1:17 PM, Dave Crocker <> wrote:
> On 4/9/2014 10:49 AM, Noel Chiappa wrote:
>>      > the way forward is pretty straightforward: Take the S/MIME message
>>      > format and graft the PGP web of trust and fingerprint trust models
>>      > onto it.
>> I agree wholly with your prefatory observation, and like your suggested
>> solution.
> The interesting premise in the suggestion is that a web of trust key
> management model is useful at Internet scale.
> I don't understand why anyone believes that.

Perhaps they believe that I have the solution because they actually
read my proposal where I suggest something very different and back it
with like actual math and an attack model.

The actual code is designed in such a way that people can plug in any
trust model of their choice however.

There are problems with both the S/MIME and the Web of Trust models
which I discuss in the video presentation.

What I am proposing is to combine features of both trust models and in
addition ground the system in time using Certificate Transparency.
What this means is that a given key can be accredited in both models.

The metric that I apply is the time-based work factor for the
attacker. Timestamping documents against an append-only notary that is
a member of a federation of such notaries can effectively raise the
work factor for the attacker to infinity after that point in time.
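
The following is an added sketch of the notary federation idea in the last paragraph, not code from the proposal or from the original message. It assumes a hypothetical `Notary` class and constructed log entries: two hash-chained notaries record each other's heads, so an entry that predates a witnessed head cannot be rewritten without the mismatch showing up in the other notary's log.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so concatenations are unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

class Notary:
    """Hypothetical append-only log: head[n] = H(head[n-1], entry[n])."""
    def __init__(self, name: str):
        self.name, self.entries = name, []

    def head(self, n: int) -> bytes:
        """Recompute the chain head covering the first n entries."""
        cur = h(self.name.encode())
        for e in self.entries[:n]:
            cur = h(cur, e)
        return cur

    def append(self, entry: bytes) -> None:
        self.entries.append(entry)

def cross_witness(src: Notary, dst: Notary) -> None:
    """dst logs src's current position and head as an ordinary entry."""
    n = len(src.entries)
    dst.append(b"witness:%s:%d:" % (src.name.encode(), n) + src.head(n))

def audit(src: Notary, dst: Notary) -> bool:
    """True if every head of src recorded in dst still matches src's log."""
    prefix = b"witness:" + src.name.encode() + b":"
    for e in dst.entries:
        if e.startswith(prefix):
            n, _, head = e[len(prefix):].partition(b":")
            if src.head(int(n)) != head:
                return False
    return True

def demo():
    a, b = Notary("A"), Notary("B")
    a.append(b"constructed: alice -> key K1")     # honest, timestamped entry
    cross_witness(a, b)                           # B now pins A's history
    a.append(b"constructed: bob -> key K2")       # later appends are fine
    before = audit(a, b)
    a.entries[0] = b"constructed: alice -> key K_evil"  # backdating attempt
    return before, audit(a, b)

if __name__ == "__main__":
    print(demo())
```

To hide the change, whoever controls notary A would also have to rewrite B's log, and in turn every notary that has witnessed B since.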