IETF Logo Mail Archive

Re: [keyassure] Bare keys again

Jeff Schmidt <jschmidt@jasadvisors.com> Wed, 23 March 2011 14:13 UTC

Return-Path: <jschmidt@jasadvisors.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6C2DC3A690C for <keyassure@core3.amsl.com>; Wed, 23 Mar 2011 07:13:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gJxxe5KPhhzs for <keyassure@core3.amsl.com>; Wed, 23 Mar 2011 07:13:58 -0700 (PDT)
Received: from relay-hub202.domainlocalhost.com (relay-hub202.domainlocalhost.com [74.115.204.52]) by core3.amsl.com (Postfix) with ESMTP id 2EB2B3A6869 for <keyassure@ietf.org>; Wed, 23 Mar 2011 07:13:57 -0700 (PDT)
Received: from MBX202.domain.local ([169.254.2.125]) by HUB202.domain.local ([74.115.204.52]) with mapi id 14.01.0255.000; Wed, 23 Mar 2011 10:15:31 -0400
From: Jeff Schmidt <jschmidt@jasadvisors.com>
To: Paul Wouters <paul@xelerance.com>, "keyassure@ietf.org" <keyassure@ietf.org>
Thread-Topic: [keyassure] Bare keys again
Thread-Index: AQHL51zGDvNhnuZrW0u0NF7HLeps2ZQ3NYOAgAAHOACAABQaAIABMNsAgAACqYCAAAL5gIAABGkAgAAICICAAmtBgP//8wT+
Date: Wed, 23 Mar 2011 14:15:33 +0000
Message-ID: <E6B327026515F942B2668762387B1DE303228CBD@MBX202.domain.local>
References: <92D68A5E-5CB7-4C80-8D7B-0B8D55D93608@kumari.net> <alpine.LFD.1.10.1103201932370.20162@newtla.xelerance.com> <9D285351-8D73-4C15-BE2C-5DF731C08DCE@vpnc.org> <alpine.LFD.1.10.1103202028110.20162@newtla.xelerance.com> <1300669586.2117.12.camel@localhost> <alpine.LFD.1.10.1103202211390.20162@newtla.xelerance.com> <1300739370.2117.40.camel@localhost> <alpine.LFD.1.10.1103211631260.20162@newtla.xelerance.com> <AANLkTimyOXv66UeG2q2dmt1-e_Ek6WPPH-coueFc7fDS@mail.gmail.com> <AANLkTin1QjUbVFN8FqjL2SPRLSRRw4Ahs4zbhy4ZdZuX@mail.gmail.com> <alpine.LFD.1.10.1103211727150.28224@newtla.xelerance.com>, <alpine.LFD.1.10.1103230625150.18330@newtla.xelerance.com>
In-Reply-To: <alpine.LFD.1.10.1103230625150.18330@newtla.xelerance.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.64.24]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [keyassure] Bare keys again
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2011 14:13:59 -0000

I'm new here, so I please accept all relevant apologies and I ask for all relevant leniance and guidance.  

On Mon, 21 Mar 2011, Paul Wouters wrote

> http://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

> This is another clear signal that DANE is needed, and the need for the
> X509 storage format is unneccessary. So people can simply take control
> of SSL for servers within their own DNS zones.

I have been tracking this conversation with interest.  I am of the opinion that X.509 is an artifact of the past, when public keys were distributed outside of any useful namespace, and we needed additional "stuff" to establish provenance, chain of trust, etc.  X.509 is essentially a way to (1) map a public key to a hostname/email address, and (2) establish a chain of trust.

Of course, we don't need (1) when the key is in DNS, and hopefully we're moving away from practices that would need (2) for all the reasons the CA trust model is broken.  So, X.509 brings a lot of overhead/baggage without providing anything useful in return.(*)  Thus, I agree that we should be designing DANE (and other approaches) for the future, which will hopefully be a post-X.509/CA world.

The (*) is interoperability with TLS, which we obviously need.  So, here's the idea: why don't we design DANE to support both methods of operation: publishing X.509 certs/hashes and bare keys.  This gives us interoperability in the near term and flexibility into the future (to combat the TXT approaches).

As I see it, we could generalize the "TLSA Certificate Types" registry to support several methods of operation - something like "TLSA Data Types" then add to the initial registry:
   n: Bare public key to identify an end entity
   n: Bare public key trust anchor

Hash types still applies as written; some other language would need smoothing here and there, but it pretty much works.

If I'm not way off base here, I'd be happy to take a shot at some edits to -06 if desired.

Thanks,
Jeff

v2.23.0 | Report a Bug | By Email