Re: Security for various IETF services

Phillip Hallam-Baker <hallam@gmail.com> Thu, 10 April 2014 14:35 UTC

In-Reply-To: <534580AF.4080602@dcrocker.net>
References: <20140409154919.11E6118C106@mercury.lcs.mit.edu> <534580AF.4080602@dcrocker.net>
Date: Thu, 10 Apr 2014 10:35:27 -0400
Message-ID: <CAMm+Lwi2bsj9s-h6eyYzJLpbOG8RY2yRmKSssuKoDCA-KAAH2w@mail.gmail.com>
Subject: Re: Security for various IETF services
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Dave Crocker <dcrocker@bbiw.net>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/SrXYmZfy25am4jv4m525OPJMIEI
Cc: Noel Chiappa <jnc@mercury.lcs.mit.edu>, IETF Discussion Mailing List <ietf@ietf.org>

On Wed, Apr 9, 2014 at 1:17 PM, Dave Crocker <dhc@dcrocker.net> wrote:
> On 4/9/2014 10:49 AM, Noel Chiappa wrote:
>>
>>      > the way forward is pretty straightforward: Take the S/MIME message
>>      > format and graft the PGP web of trust and fingerprint trust models
>>      > onto it.
>>
>> I agree wholly with your prefatory observation, and like your suggested
>> solution.
>
> The interesting premise in the suggestion is that a web of trust key
> management model is useful at Internet scale.
>
> I don't understand why anyone believes that.

Perhaps they believe that I have the solution because they actually
read my proposal where I suggest something very different and back it
with like actual math and an attack model.

The actual code is designed in such a way that people can plug in any
trust model of their choice, however.


https://datatracker.ietf.org/doc/draft-hallambaker-prismproof-trust/
http://www.youtube.com/watch?v=PBFnBpWkK8M

There are problems with both the S/MIME and the Web of Trust models
which I discuss in the video presentation.

What I am proposing is to combine features of both trust models and in
addition ground the system in time using Certificate Transparency.
What this means is that a given key can be accredited in both models
simultaneously.


The metric that I apply is the time-based work factor for the
attacker. Timestamping documents against an append-only notary that is
a member of a federation of such notaries can effectively raise the
work factor for the attacker to infinity after that point in time.


-- 
Website: http://hallambaker.com/
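
The following is an added illustration of the append-only, federated notary idea described in the message above; it is not part of the original message and is not the mechanism specified in the linked draft. The `Notary` class, the `witness` step, the entry format and the `example.test` sample data are all assumptions constructed for this sketch.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

class Notary:
    """Hypothetical append-only log: each head commits to every earlier entry."""
    def __init__(self, name: str):
        self.name = name
        self.entries = []                 # payloads, oldest first
        self.head = h(name.encode())      # chain head over zero entries

    def append(self, payload: bytes) -> None:
        self.entries.append(payload)
        self.head = h(self.head, payload)

    def witness(self, peer: "Notary") -> tuple:
        """Federation step: record the peer's current size and head in our own log."""
        seen = (len(peer.entries), peer.head)
        self.append(b"witness|" + peer.name.encode() + b"|" + peer.head)
        return seen

def consistent(presented: Notary, seen: tuple) -> bool:
    """Does the log a notary presents now extend the head a peer recorded earlier?"""
    size, head = seen
    if len(presented.entries) < size:
        return False                      # history was truncated
    replay = h(presented.name.encode())
    for payload in presented.entries[:size]:
        replay = h(replay, payload)
    return replay == head

def demo() -> tuple:
    a, b = Notary("A"), Notary("B")
    a.append(b"key-1 bound to alice@example.test")   # constructed sample entry
    seen = b.witness(a)                   # B timestamps A's state at this point
    a.append(b"later entry")
    honest = consistent(a, seen)          # A only appended after the witness
    # Later compromise of A: the first entry is rewritten and the chain rebuilt.
    forged = Notary("A")
    forged.append(b"key-EVIL bound to alice@example.test")
    forged.append(b"later entry")
    return honest, consistent(forged, seen)

if __name__ == "__main__":
    print(demo())
```

Once B has recorded A's head, a rewrite of A's earlier entries is detectable unless B's log (and every notary that has witnessed B) is rewritten as well, which is the sense in which the cost of a retroactive forgery grows with the federation.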