RE: request for WG to adopt draft-chadwick-webdav-00.txt as a work item

"Kemp, David P." <DPKemp@missi.ncsc.mil> Mon, 17 September 2007 15:36 UTC

Message-ID: <FA998122A677CF4390C1E291BFCF59890822CCF8@EXCH.missi.ncsc.mil>
In-Reply-To: <46EAB378.4090506@kent.ac.uk>
References: <OF3876B698.C80CC9A9-ONC125734F.002F7456@frcl.bull.fr> <46E1B0B7.3080003@kent.ac.uk> <p06240511c30b2a2eae3c@[128.89.89.71]> <46E6678A.2030307@kent.ac.uk> <A15AC0FBACD3464E95961F7C0BCD1FF006A25BE970@EA-EXMSG-C307.europe.corp.microsoft.com> <46EAB378.4090506@kent.ac.uk>
To: David Chadwick <d.w.chadwick@kent.ac.uk>, ietf-pkix@imc.org

David,

I have to agree with Stefan and Steve on this.

1) DNS may be mis-trusted (falsely treated as a trusted entity)
with disastrous results, but properly designed applications would
permit PKI to fix that, not fail because of it.  A signed object
containing a DNS name permits detection of DNS failures.

Any purely DNS-based identity registration process is, of course,
as weak as DNS itself, so PKI at a minimum would have to use
something like credit card identity proofing through multiple
channels (physical mail of a registration secret + home
telephone activation) if it wishes to claim better assurance
for real (vs. pseudonymous) identities than that provided by DNS.

2) It is not the REST model that is of concern - short CRLs,
OCSP responses, or their signed SAML equivalents could be
retrieved just as easily using RESTful requests (SOAP/resource)
as with LDAP, CMC, or SOAP/RPC.  As Stefan says, it is the
signed object generated by a trusted PKI component that counts,
not the method by which it is obtained.  Of course, a CA
with any particular level of assurance could operate a WebDAV
interface that yields the same results as its CRLs, but you
intend WebDAV revocation responders to not be limited
to CAs, thus greatly expanding the attack surface of the system.

Is there a way to leverage all three portions of the proposal
(REST conceptual model, REST protocols, and naming models)
while preserving the end-to-end (PKI to consumer application)
properties of signed objects?

>> What the webdav scheme gives you is instant revocation
>> status, which CRLs do not give you, but the tradeoff is 
>> having to trust the repository.

If "instant" is the goal, I believe it would be better
achieved by morphing the repository into a basic assurance
PKI component with its own keys.  A CA's CPS can document
any deliberative process it wants (including none) before
revoking certs, thus permitting delegated responders
(WebDAV or other) to achieve any desired tradeoff between
response time and accuracy.

V/R,
Dave
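The two points above (a signed object carrying the responder's DNS name lets the client detect a misdirected lookup, and it is the signature from a trusted PKI component, not the retrieval channel, that carries the assurance) can be shown in a small end-to-end check. The following is an added illustration, not code from the thread or from the draft under discussion. It assumes a toy textbook RSA key built from two fixed Mersenne primes (constructed for determinism, with no padding and no security value), a constructed JSON status object standing in for a CRL entry or OCSP-style response, and hypothetical `honest_repository` / `tampered_repository` functions standing in for whatever WebDAV, LDAP or HTTP path delivers the object.

```python
"""End-to-end verification of a signed revocation status object.

Added example (not from the PKIX thread). The client trusts the CA's
signature and the issuer name inside the signed object; it does not
trust the repository or the transport that delivered the object.
"""
import hashlib
import json

# Constructed toy key: fixed Mersenne primes so the example is deterministic.
# Textbook RSA with no padding; never use this construction for real keys.
_P = 2**521 - 1
_Q = 2**127 - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))   # private exponent (Python 3.8+)

CA_PUBLIC_KEY = (_N, _E)    # what the consumer application is configured with
CA_PRIVATE_KEY = (_N, _D)   # held only by the CA / delegated responder


def canonical(obj: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(private_key, payload: bytes) -> int:
    """Sign SHA-256(payload); the 256-bit digest is well below the modulus."""
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(payload).digest(), "big")
    return pow(digest, d, n)


def verify(public_key, payload: bytes, signature: int) -> bool:
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(payload).digest(), "big")
    return pow(signature, e, n) == digest


def ca_issue_status(serial: str, status: str, issuer: str = "ca.example.test") -> dict:
    """What a CA (or a delegated responder with its own keys) publishes.

    The issuer's DNS name is part of the signed body, so a client that
    expected one responder and was steered to another can notice.
    """
    body = {
        "issuer": issuer,
        "serial": serial,
        "status": status,
        "thisUpdate": "2007-09-17T14:28:37Z",   # constructed timestamp
    }
    return {"body": body, "sig": sign(CA_PRIVATE_KEY, canonical(body))}


def honest_repository(signed: dict) -> dict:
    """Hypothetical repository that relays the object unchanged."""
    return signed


def tampered_repository(signed: dict) -> dict:
    """Hypothetical compromised repository that 'un-revokes' the cert.

    It can rewrite the body but cannot produce a matching signature.
    """
    body = dict(signed["body"], status="good")
    return {"body": body, "sig": signed["sig"]}


def check_status(signed: dict, expected_issuer: str, public_key) -> tuple:
    """Return (accepted, status_or_reason).

    Only the signature and the issuer name are consulted; how the object
    arrived (WebDAV, LDAP, HTTP, a file) makes no difference to the outcome.
    """
    body = signed["body"]
    if not verify(public_key, canonical(body), signed["sig"]):
        return False, "signature-invalid"
    if body["issuer"] != expected_issuer:
        return False, "issuer-mismatch"
    return True, body["status"]


if __name__ == "__main__":
    original = ca_issue_status("0x1a2b3c", "revoked")
    print(check_status(honest_repository(original), "ca.example.test", CA_PUBLIC_KEY))
    print(check_status(tampered_repository(original), "ca.example.test", CA_PUBLIC_KEY))
    misdirected = ca_issue_status("0x1a2b3c", "good", issuer="other.example.test")
    print(check_status(misdirected, "ca.example.test", CA_PUBLIC_KEY))
```

The third case models the DNS point: the object is validly signed by a key the client trusts, but its embedded name is not the responder the client meant to ask, so the client rejects it rather than silently accepting a "good" answer from the wrong place. The tampered case models the repository-trust point: once the body is altered, no delivery method can make the signature verify.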