Re: What ASN.1 got right
Michael Thomas <mike@mtcc.com> Thu, 04 March 2021 18:07 UTC
To: Nico Williams <nico@cryptonector.com>
Cc: ietf@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/_flLN389ygqFqXCBB8NuZfHFi3A>

On 3/4/21 9:33 AM, Nico Williams wrote:
>
>> Your online requirements cherry picks that the online requirements will
>> neatly line up in times of need and ignores other online requirements.
>> Authentication is one small part of a larger system. That larger system
>> almost always needs to be online 24/7. X.509 is a relic from the past.
> I've explained about online requirements on every transaction vs. once
> in a while. It's not cherry-picking. It's trade-offs. I've tried
> explaining, and you can disagree with good technical arguments about
> cases where there's better trade-offs or whatever, but instead you've
> just been unnecessarily rude. Have a nice day.

This entire subthread started from the observation that just putting a ssh public key in an employee directory would be a lot simpler than issuing certificates since it doesn't change anything on the client at all. You said that doing something -- installing certificates -- is easier than doing nothing at all. It's hard to take that sort of statement seriously because it's flat out wrong and contradictory.

But with respect to state and being able to do things offline, if your employee directory is down in your average company you have a 5 alarm fire that needs to be put out just as much as if your website went down. The need for offline verification is niche these days. Since that's the only advantage that X.509 brings, that tells me that there is a lot of tail wagging dogs going on. As it ever were.

Thankfully beyond the vast confusion factor that X.509 brings it mostly doesn't matter these days. Nobody uses client side certs because they don't scale. Manifestly.

Mike