Re: [keyassure] publishing the public key
Henry Story <henry.story@bblfish.net> Mon, 14 February 2011 14:02 UTC
Return-Path: <henry.story@bblfish.net>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA6C73A6D48 for <keyassure@core3.amsl.com>; Mon, 14 Feb 2011 06:02:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.665
X-Spam-Level:
X-Spam-Status: No, score=-3.665 tagged_above=-999 required=5 tests=[AWL=-0.066, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xHavxuKCQgj8 for <keyassure@core3.amsl.com>; Mon, 14 Feb 2011 06:02:02 -0800 (PST)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id 1DA4D3A6D45 for <keyassure@ietf.org>; Mon, 14 Feb 2011 06:02:02 -0800 (PST)
Received: by gyd12 with SMTP id 12so2313841gyd.31 for <keyassure@ietf.org>; Mon, 14 Feb 2011 06:02:24 -0800 (PST)
Received: by 10.236.110.6 with SMTP id t6mr1397531yhg.17.1297692144680; Mon, 14 Feb 2011 06:02:24 -0800 (PST)
Received: from bblfish.home (ALagny-751-1-9-11.w83-112.abo.wanadoo.fr [83.112.80.11]) by mx.google.com with ESMTPS id z10sm1575913yhz.24.2011.02.14.06.02.20 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 14 Feb 2011 06:02:21 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: Henry Story <henry.story@bblfish.net>
In-Reply-To: <20110214124617.GA31136@LK-Perkele-VI.localdomain>
Date: Mon, 14 Feb 2011 15:02:18 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <0BADC4EE-F761-4AD7-8FED-A75F46FEC5E2@bblfish.net>
References: <928BE494-C59D-4FFF-9390-C459A4BC2107@bblfish.net> <20110214124617.GA31136@LK-Perkele-VI.localdomain>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
X-Mailer: Apple Mail (2.1082)
Cc: keyassure@ietf.org
Subject: Re: [keyassure] publishing the public key
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Feb 2011 14:02:04 -0000
On 14 Feb 2011, at 13:46, Ilari Liusvaara wrote: > On Mon, Feb 14, 2011 at 11:20:33AM +0100, Henry Story wrote: >> Hi, >> >> In draft-dane-04 [1] one can currently only publish either a signature >> or a certificate in the DNS. That is the only allowed formats of the >> resource record are as specified in section 2.2 >> >> 1 -- Hash of an end-entity certificate >> 2 -- Full end-entity certificate in DER encoding >> 3 -- Hash of an certification authority's certificate >> 4 -- Full certification authority's certificate in DER encoding >> >> Why not publish the only piece of the certificate that is important in >> public key cryptography: the public key. ( This is what WebID does >> currently ) This should be shorter than the certificate, and though it >> will be longer than the signature, it will be a lot more useful, tying >> the publisher much less to a particular serialisation format. So you >> reduce the PGP/X509 disagreements. > > Unfortunately TLS requires sending the full certificate. Yes, one could > define a new certificate type that contained just the public key, but > that would require a IETF consensus (RFC through TLS working > group[1]). As you certainly know, but as you don't know what I know let me be specific, TLS does not currently make any claims as to what should be published in DNS. In fact TLS requires(?) that the client will look to see if it can build a chain of certificates from the server cert to a trusted Certificate Authority (CA), and show that the CA authenticates each element in the chain. keyassure (or is it dane?) will, as I understand, allow another way for trust to be established by tying the identity of the server to DNS, rather than (or in addition to) tying it to a CA. So a User Agent (UA) that is keyassure enabled connecting to a TLS server should receive as all UAs now do an X509 certificate. What will be unusual is that this certificate could be self-signed. In the TLS negotiation the UA will have proof that the server knows the private key of the public key sent in the certificate, following existing TLS specs. But since the Certificate will be self signed the UA will not be able to get confirmation from a CA that the service that knows that private key is the service that has global identity alice.example:443 . An evil agent known as Eve could have create a public/private key pair and generate a self signed certificate asserting that it is the certificate of service alice.example:443 but place that on the server she likes to think of as eve.example:443 . So what do we really need? We just need a trusted service to tell us that alice.example:443 is indeed the knower of the given private key. DNS is of course the perfect place to get that information, especially when the information can be trusted. So what we need is DNS to say the following: <srv:alice.example:443> knowsPrivateKeyOfPublicKey [ a RSAPublicKey; ... ] . Once that is said, all is said. My point after that is that so much is said there, that the server would not even need to send the certificate anymore (saving yet more bandwidth) > Then one would define new DANE ceritifcate type (3 [2] or 5/6) to > match that. ok, so it is possible to do it. But I think one should investigate a bit more if one cannot get consensus that one does not really needs anything more than the public key. After all this is public key cryptography we are using! > > <snip idea of certificate URLs> > > I don't think that would be possible to use without new certificate > type either. I think you could just use the ASN.1 public key object, and DER encode it. I think that is even specified somewhere. But ok, if the certificate type is important... Note that the object does not even have to be signed (DNSSEC signs things) > As for bandwidth, sure it would save some. One can send well-secured > key in roughly 80 bytes total (including CertificateType extension). > Modern X.509 certs are far larger[3], even if restricted to bare > minimum fields. The important calculation would have to be: how many packets does one save when sending: - a hash of an entity certificate - a public key only - a pretty minimal certificate - a usual key And here one would need two figures: a the size of the information b the size after the DNSSEC wrappers that have to be added to the message. Where the second size is more important of course > As for what this would be useful for: If the raw key format would > be easily parsed, it would save lots of tricky ASN.1 and X.509 > parsing (yes, there are libraries for that) Indeed. That is partly what my thought experiment was getting at: you could even remove the ASN.1 from the server, by not having it send server certs. Though perhaps to bring this up here is to risk confusing issues. > > [1] Not entierely accurate, it is RFC approved by IESG (and they'll > consult TLS WG). > > [2] Since those 4 types could be collapsed to 2 (2 of those require > second byte to be zero and 2 require nonzero second byte) > > [3] There's also subtle performance issue there. Those certificates > can be so large that TCP windows get overflowed. As consequence, > either one has to break TCP spec (many sites do this) or suffer > a latency hit. > > -Ilari Social Web Architect http://bblfish.net/
- Re: [keyassure] publishing the public key Henry Story
- [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Scott Schmit
- Re: [keyassure] Issue #14 - publishing the public… Warren Kumari
- Re: [keyassure] Issue #14 - publishing the public… Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key John Gilmore
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story