Re: What ASN.1 got right

Phillip Hallam-Baker <> Tue, 02 March 2021 20:44 UTC

References: <20210302010731.GL30153@localhost> <> <> <> <20210302183901.GV30153@localhost>
In-Reply-To: <20210302183901.GV30153@localhost>
From: Phillip Hallam-Baker <>
Date: Tue, 2 Mar 2021 15:44:19 -0500
Message-ID: <>
Subject: Re: What ASN.1 got right
To: Nico Williams <>
Cc: Michael Thomas <>, IETF Discussion Mailing List <>

On Tue, Mar 2, 2021 at 1:39 PM Nico Williams <> wrote:

> On Tue, Mar 02, 2021 at 10:19:53AM -0800, Michael Thomas wrote:
> > [...] And once you rely on online crl's, it's all the same.
>
> Yes, well, wherever possible we should be using short-lived credentials
> and dispense with revocation.

Getting back to the constraints of 30MHz Windows 95 PCs. Has anyone here
tried to create a 2048 bit RSA key on a BBN safekeyper box?

The notary videographer did not expect to be spending eight hours filming
absolutely nothing happening.

Back in 1995, signing a new cert for each subscriber every day was
impossible. Now it is completely feasible.

With threshold techniques, we don't even need the subscriber to make a new
cert request and we can still roll the key:

* Alice creates public/private key pair {a.P, a}, sends a.P to Carol

t=0) Carol validates the request, generates a new keypair {c0.P, c0} and
sends back a certificate for { (a+c0).P, a+c} and the value c0. Carol
doesn't know a, of course, but she can calculate a.P + c0.P, which is the
same thing. This cert is valid for 48 hours.

t=1) The next day, Carol sends a certificate for { (a+c1).P, a+c} and the
value c1.

t=2) The next day, Carol sends a certificate for { (a+c2).P, a+c} and the
value c3.

t=3) 'Alice' turns out to have never been Alice, it was Mallet. Carol stops
sending her new certificates.
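A toy run of the steps above, added here and not taken from the thread: it uses secp256k1 point arithmetic (the mail names no curve, so that is an assumption) to check that Carol can compute a.P + c_i.P == (a+c_i).P without knowing a, and to derive Alice's per-day private key, which the example takes to be a + c_i.

```python
# Added example, not code from the thread: a toy run of the key-rolling scheme
# above on secp256k1 (the curve is an assumption; the mail names none).
import secrets
# secp256k1: y^2 = x^3 + 7 over F_p, base point G of prime order n
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, pt):
    """Double-and-add scalar multiplication: k.pt in the mail's notation."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def alice_enrol():
    """'*' step: Alice keeps a and sends only a.P (here a.G) to Carol."""
    a = secrets.randbelow(n - 1) + 1
    return a, mul(a, G)

def carol_issue(a_pub):
    """Day i: Carol picks a fresh c_i and certifies a.P + c_i.P, which equals
    (a+c_i).P although she never learns a. Returns (certified key, c_i)."""
    c_i = secrets.randbelow(n - 1) + 1
    return add(a_pub, mul(c_i, G)), c_i

def alice_day_key(a, c_i):
    """Alice's private key for that day's cert, assumed to be a + c_i (mod n)."""
    return (a + c_i) % n

def roll_ok(days):
    """Issue `days` certs; True if each certified key matches Alice's day key.
    When Carol stops sending c_i (t=3) there is simply no newer cert to use."""
    a, a_pub = alice_enrol()
    return all(mul(alice_day_key(a, c), G) == k
               for k, c in [carol_issue(a_pub) for _ in range(days)])
```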

I could write a spec for this in PKIX if anyone was interested. Of course,
you would end up listening to me yacking on about the Mesh while I did it.

This approach would completely eliminate the need for CRLs except for
purposes of recording the fact an issue arose for purposes of interpreting

Of course, we would have to modify TRANS to make this work or else those
logs are gonna BLOW! Basically, you would have to log a template for the
cert rather than the cert itself. And there would need to be an extension
in the cert so things were all tickety boo. But it is all doable.