IETF Logo Mail Archive

Re: [openpgp] "OpenPGP Simple"

Phillip Hallam-Baker <phill@hallambaker.com> Sun, 22 March 2015 16:01 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA5CA1A8A7C for <openpgp@ietfa.amsl.com>; Sun, 22 Mar 2015 09:01:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 599eTdH9Nosz for <openpgp@ietfa.amsl.com>; Sun, 22 Mar 2015 09:01:55 -0700 (PDT)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47A141A8A58 for <openpgp@ietf.org>; Sun, 22 Mar 2015 09:01:55 -0700 (PDT)
Received: by labon10 with SMTP id on10so17273013lab.2 for <openpgp@ietf.org>; Sun, 22 Mar 2015 09:01:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=G147aKVaw8+LCvshdHSuCunTjjX4meWhg8qdM4wsdsQ=; b=VDRs2uaqdFRuXZSQvfH7Mv8zbVT1B+dX6c8R5onBPHn5GtTcu70RUMMmL0pFOPDSha UFrTzlpOUBleepggq1qkasq7N41u2QVRfo1W/wd4WwnC1ufvcyxYKC5NhyzP3vHcwV75 Z9ec5p2oB82AyDC2i3w6Yd7Xbk9MrCg+EVhEEgjaJAeYkU30PGmoVjS4Gv5/hi3n3GMj 309ZYIc0JiSI2B9Xan6kdoOm49DJ93vuVGEASEdTMA2Pr2VkhEEBfRvIiBMD0rpoA35f nbyff+z3/XUXT/EBkvUxbrCNP96OkiFLOw8uBePoRhHm+6Yrv2e8V0Wb75jKjKi7m+lY Sl0A==
MIME-Version: 1.0
X-Received: by 10.112.151.226 with SMTP id ut2mr62093317lbb.55.1427040113727; Sun, 22 Mar 2015 09:01:53 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.45.203 with HTTP; Sun, 22 Mar 2015 09:01:53 -0700 (PDT)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73AAFB9A25@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73AAFB9A25@uxcn10-5.UoA.auckland.ac.nz>
Date: Sun, 22 Mar 2015 12:01:53 -0400
X-Google-Sender-Auth: KR7ce0w_CjkhBExEJwpoj7jBTIA
Message-ID: <CAMm+Lwi-UCDGNA4Vsy7b4YrB2Lu-P+MCOkb-3NvkJ3_apJbiFw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Ofq_m4IO_thUjpTEVaTcBpejWsI>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Subject: Re: [openpgp] "OpenPGP Simple"
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2015 16:01:56 -0000

On Sun, Mar 22, 2015 at 11:48 AM, Peter Gutmann
<pgut001@cs.auckland.ac.nz> wrote:
> Gregory Maxwell <gmaxwell@gmail.com> writes:
>
>>A CA has signed an intermediate CA cert which is loaded in an interception
>>appliance.  You blacklist this certificate by ID. Your blacklisting is
>>bypassed by simply changing the encoding of the  when sending the cert chain
>>and now your traffic can be intercepted again.
>
> This issue has been known for a long, long time (well, I guess not by the
> OpenSSL authors :-).  The problem is its being tied to a blacklist-based
> security mechanism, you can always evade the blacklist through trivial
> encoding changes that produce a valid but not bit-for-bit identical encoding.
>
> Since all of PKI is built around blacklists (the second dumbest idea in
> computer security, and arguably a special case of the dumbest idea in computer
> security, default-allow), the PKIX folks argued that using certificate
> fingerprints to uniquely identify a cert wasn't allowed because it broke their
> blacklist/default-allow based approach to things.
>
> As a result, they identify certs via their serial numbers (so a CRL isn't
> really a CRL but a SNRL, a serial-number revocation list).  So now, instead of
> a single easily-identified problem (trivially fixed by not relying on
> blacklists for security), you have a whole raft of problems, many of them
> still waiting to be discovered.
>
> In other words the PKIX approach is to decide on a wrong solution
> (blacklists), and then to break other things (certificate IDs) in order to
> perpetuate the wrong solution.

No, the idea in PKI is that certificate issue is a whitelisting. So
CRLs are then a blacklisting of previous whitelist entries.

I don't think it really matters though as short lived certs are going
to be the basis for the emerging PKI/2. The need for certificate
revocation lists goes away just when I work out how to compress them.

If we could agree on one way to calculate a fingerprint of a key that
can be used for both OpenPGP purposes and PKI/2 then we can get the
systems to interop very nicely.

v2.23.0 | Report a Bug | By Email