Re: What ASN.1 got right
Michael Thomas <mike@mtcc.com> Thu, 04 March 2021 17:04 UTC
On 3/4/21 7:52 AM, Nico Williams wrote:
> On Thu, Mar 04, 2021 at 09:57:47AM -0500, Phillip Hallam-Baker wrote:
>> X.509 is really optimized around the totally offline case. And that is a
>> bad choice for many applications. But it does work for some.
> No, that's not it.
>
> X.509 tries to minimize online infrastructure, but not to zero.
>
> In particular, it minimizes *state*.

Um, why should we care about that? Nothing else cares about holding state.

> Now, if you start binding public keys to users via a directory, you'll
> be unhappy because you'll have all the problems directories have, and
> because you might get the schema wrong and allow only one key per-user,
> and even if you don't get the schema wrong you'll have a garbage
> collection problem, and even if you manage to solve that with
> expirations then the act of registering new keys is still more complex
> than the act of signing new certificates.
>

Oh brother. When you start arguing that people might get implementations wrong, you're grasping at straws. All of the sites that I've used that allow public key authentication have grokked that there might be more than one key like, oh say, github. This is complete nonsense. People might issue certs for 150 years too.

Mike