Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item

David Chadwick <d.w.chadwick@kent.ac.uk> Fri, 14 September 2007 17:15 UTC

Return-path: <owner-ietf-pkix@mail.imc.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWElo-000792-2R for pkix-archive@lists.ietf.org; Fri, 14 Sep 2007 13:15:56 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IWElm-0003ag-O1 for pkix-archive@lists.ietf.org; Fri, 14 Sep 2007 13:15:56 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l8EGF2Us073632 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 14 Sep 2007 09:15:02 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l8EGF2Gm073631; Fri, 14 Sep 2007 09:15:02 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mx5.kent.ac.uk (mx5.kent.ac.uk [129.12.21.36]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l8EGF04v073617 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pkix@imc.org>; Fri, 14 Sep 2007 09:15:01 -0700 (MST) (envelope-from d.w.chadwick@kent.ac.uk)
Received: from dhcp2976.kent.ac.uk ([129.12.41.118]) by mx5.kent.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.62) (envelope-from <d.w.chadwick@kent.ac.uk>) id 1IWDob-0003Zy-4g; Fri, 14 Sep 2007 17:14:45 +0100
Message-ID: <46EAB378.4090506@kent.ac.uk>
Date: Fri, 14 Sep 2007 17:14:48 +0100
From: David Chadwick <d.w.chadwick@kent.ac.uk>
Organization: University of Kent
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Stefan Santesson <stefans@microsoft.com>
CC: Stephen Kent <kent@bbn.com>, "ietf-pkix@imc.org" <ietf-pkix@imc.org>
Subject: Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
References: <OF3876B698.C80CC9A9-ONC125734F.002F7456@frcl.bull.fr> <46E1B0B7.3080003@kent.ac.uk> <p06240511c30b2a2eae3c@[128.89.89.71]> <46E6678A.2030307@kent.ac.uk> <A15AC0FBACD3464E95961F7C0BCD1FF006A25BE970@EA-EXMSG-C307.europe.corp.microsoft.com>
In-Reply-To: <A15AC0FBACD3464E95961F7C0BCD1FF006A25BE970@EA-EXMSG-C307.europe.corp.microsoft.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-UKC-Mail-System: No virus detected
X-UKC-SpamCheck:
X-UKC-MailScanner-From: d.w.chadwick@kent.ac.uk
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 68ba2b07ef271dba6ee42a93832cfa4c



Stefan Santesson wrote:
> David,
> 
> Everything in security is a tradeoff, but that is not an excuse to
> introduce new classes of threats that defeat basic security
> principles when there exist valid alternatives that don't. PKI has
> some basic important security principles in that it leverages trust in
> signed objects and not in the information infrastructure.

I think you will find this is not always entirely true. The DNS is 
usually needed as a trusted entity, and if it mal-performs PKIs can 
break disastrously.


> Also, when
> CRLs are used for revocation checking, there is an underlying
> principle that one or more CRLs are available with scopes that cover
> all issued certificates with a current validity period.

I agree that this is one of the key strengths of CRLs.

> 
> With the WebDav proposal you violate both these principles. I don't
> see a strong enough motivation for doing so,

Let's wait and see on this one. WebDav is becoming more ubiquitous all 
the time. SVN and other systems use it as their transport medium. It is 
rumoured that it will take over from FTP soon.

But as I said in my earlier email, my proposal is really three topics in 
one: the REST conceptual model, the protocol(s) that might use the REST 
principles for certificate status (only WebDav proposed so far but 
others could be used as well), and the information model for naming the 
certs and CRL files.

I think fundamentally it is the REST model that you do not like for 
determining the status of a certificate. Am I correct on that?

regards

David


> and I object to putting
> an IETF/PKIX rubberstamp on such a solution. Therefore I can't support
> this solution to be developed within the PKIX workgroup.
> 
> 
> Stefan Santesson
> Senior Program Manager
> Windows Security, Standards
> 
> 
>> -----Original Message-----
>> From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of David Chadwick
>> Sent: 11 September 2007 12:02
>> To: Stephen Kent
>> Cc: ietf-pkix@imc.org
>> Subject: Re: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
>> 
>> 
>> Hi Steve
>> 
>> As you know, nearly everything in security is a tradeoff in one way
>> or another. What the webdav scheme gives you is instant revocation
>> status, which CRLs do not give you, but the tradeoff is having to
>> trust the repository. So the schemes are fundamentally different,
>> but I submit that there are many user requirements where the
>> tradeoff of instant revocation is preferable to the more
>> cryptographically protected though stale CRL scheme.
>> 
>> regards
>> 
>> David
>> 
>> 
>> Stephen Kent wrote:
>>> David,
>>> 
>>> I have to agree with those who have expressed some concerns about
>>> security aspects of cert revocation status under the WebDAV
>>> model.  I think it is a precept of current PKI models that we
>>> don't rely completely on the integrity of repositories.  That's
>>> why we post signed CRLs and why the v2 CRL has both this update
>>> and next update fields.  We are always cognizant of the
>>> possibility that even with signed data, the data might not be
>>> fresh, and so we try to minimize the vulnerabilities associated
>>> with our reliance on repositories.
>>> 
>>> Steve
>>> 
>>> 
>> --
>> 
>> *****************************************************************
>> David W. Chadwick, BSc PhD
>> Professor of Information Systems Security
>> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
>> Skype Name: davidwchadwick
>> Tel: +44 1227 82 3221
>> Fax +44 1227 762 811
>> Mobile: +44 77 96 44 7184
>> Email: D.W.Chadwick@kent.ac.uk
>> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
>> Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
>> Entrust key validation string: MLJ9-DU5T-HV8J
>> PGP Key ID is 0xBC238DE5
>> 
>> *****************************************************************
> 
> 
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
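Added illustration, not part of the thread and not code from any of the participants: the relying-party check that Stephen Kent's quoted paragraph describes, written in Go against the standard library's crypto/x509 (it assumes Go 1.19 or later for x509.ParseRevocationList and RevocationList.CheckSignatureFrom). A throwaway CA, constructed here and not a real one, signs a v2 CRL carrying thisUpdate and nextUpdate; the relying party verifies the CA's signature and then refuses to treat a CRL whose nextUpdate has passed as evidence of anything, which is exactly the bounded-staleness tradeoff the thread is arguing about. The scenario names, the certificate serials 42 and 7, and the "rogue repository" CA are all arbitrary choices for this example; the rogue case models a repository substituting a CRL of its own, which fails the signature check no matter what the repository claims.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CRLStatus is the outcome of checking one certificate serial against one CRL.
type CRLStatus int

const (
	StatusGood    CRLStatus = iota // signed by the CA, fresh, serial not listed
	StatusRevoked                  // signed by the CA, fresh, serial listed
	StatusStale                    // signature verifies, but now is outside [thisUpdate, nextUpdate]
	StatusBadSig                   // repository served something the CA did not sign
)

func (s CRLStatus) String() string {
	return [...]string{"good", "revoked", "stale", "bad-signature"}[s]
}

// makeCA builds a throwaway self-signed CA (constructed test data, not a real CA).
func makeCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueCRL signs a v2 CRL listing the given serials with the given thisUpdate/nextUpdate.
func issueCRL(issuer *x509.Certificate, key *ecdsa.PrivateKey, revoked []int64, thisUpdate, nextUpdate time.Time) ([]byte, error) {
	entries := make([]pkix.RevokedCertificate, 0, len(revoked))
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: thisUpdate})
	}
	tmpl := &x509.RevocationList{
		Number:              big.NewInt(1),
		ThisUpdate:          thisUpdate,
		NextUpdate:          nextUpdate,
		RevokedCertificates: entries,
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, issuer, key)
}

// checkStatus is the relying-party side: trust the CA's signature, not the
// repository, and treat a CRL outside its validity window as unusable, not as "good".
func checkStatus(crlDER []byte, ca *x509.Certificate, serial int64, now time.Time) (CRLStatus, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return StatusBadSig, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return StatusBadSig, err
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return StatusStale, nil
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Int64() == serial {
			return StatusRevoked, nil
		}
	}
	return StatusGood, nil
}

// RunScenarios exercises the cases the thread is arguing about and returns the
// status a relying party would compute for the hypothetical certificate serial 42.
func RunScenarios() (map[string]CRLStatus, error) {
	ca, caKey, err := makeCA("Example CA")
	if err != nil {
		return nil, err
	}
	now := time.Now()
	out := map[string]CRLStatus{}

	// 1. Fresh CRL with serial 42 listed: the revocation is visible and the
	//    repository is trusted for nothing beyond delivering bytes.
	fresh, err := issueCRL(ca, caKey, []int64{42}, now.Add(-time.Hour), now.Add(time.Hour))
	if err != nil {
		return nil, err
	}
	if out["fresh-revoked"], err = checkStatus(fresh, ca, 42, now); err != nil {
		return nil, err
	}
	if out["fresh-other"], err = checkStatus(fresh, ca, 7, now); err != nil {
		return nil, err
	}

	// 2. Same CA, but the repository keeps serving an old CRL issued before 42 was
	//    revoked. The signature is fine; nextUpdate is what exposes the staleness.
	old, err := issueCRL(ca, caKey, nil, now.Add(-48*time.Hour), now.Add(-24*time.Hour))
	if err != nil {
		return nil, err
	}
	if out["stale"], err = checkStatus(old, ca, 42, now); err != nil {
		return nil, err
	}

	// 3. A compromised repository substitutes an empty CRL signed with its own key.
	rogue, rogueKey, err := makeCA("Rogue Repository")
	if err != nil {
		return nil, err
	}
	forged, err := issueCRL(rogue, rogueKey, nil, now.Add(-time.Hour), now.Add(time.Hour))
	if err != nil {
		return nil, err
	}
	out["forged"], _ = checkStatus(forged, ca, 42, now) // the signature error is the expected outcome
	return out, nil
}

func main() {
	res, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	for k, v := range res {
		fmt.Printf("%-14s %s\n", k, v)
	}
}
```

Note that checkStatus reports stale rather than good for the expired CRL: the signature alone says nothing about freshness, so a relying party that ignores nextUpdate reintroduces precisely the dependence on repository behaviour that signing the CRL was meant to remove, while one that honours it accepts staleness bounded by the CRL issuance interval, which is the "instant status versus trusted repository" tradeoff discussed in the messages above.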