Re: [pkix] Considerations about the need to resume PKIX work

"Dr. Pala" <> Thu, 20 July 2017 16:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C8308131945 for <>; Thu, 20 Jul 2017 09:40:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gEPkt4Lsap3O for <>; Thu, 20 Jul 2017 09:39:59 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id CCA3A131714 for <>; Thu, 20 Jul 2017 09:39:58 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id C6C5A3740F3C; Thu, 20 Jul 2017 12:39:57 -0400 (EDT)
To: Anders Rundgren <>, PKIX <>
References: <> <> <> <>
From: "Dr. Pala" <>
Organization: OpenCA Labs
Message-ID: <>
Date: Thu, 20 Jul 2017 18:39:55 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------40AC826DDE7D1E9447C796D1"
Content-Language: en-US
Archived-At: <>
Subject: Re: [pkix] Considerations about the need to resume PKIX work
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: PKIX Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 20 Jul 2017 16:40:01 -0000

Thanks Anders,

DISCLAIMER: I just want to clarify that this discussion is not part of 
what I proposed as work on revocation.

This said, I would say that if your attempt to provide a decentralized 
system for payments would benefit from the work around revocation and / 
or discoverability, I would be interested to read about the use-cases there.


On 7/20/17 5:53 PM, Anders Rundgren wrote:
> On 2017-07-20 14:24, Dr. Pala wrote:
>> Hi Anders,
> Hi Max,
>> Maybe, this time we might have a way in. I would be willing to work 
>> on it (even outside IETF, if there is no interest) and provide 
>> implementations in LibPKI. Easy and Secure "Provisioning / 
>> Enrollment" protocols are at the core for many ecosystems (e.g., IoT, 
>> WIFI, etc.). For the TEEP - I do not think they are going to address 
>> this particular issue/issues for what I have seen at the BoF.
>> Let's talk about this - can you send me pointers you might think are 
>> useful to start from ?
> Oh, there are virtually TONs of possible and potentially useful 
> crypto-related projects out there.
> I have over the years provided plenty of pointers in PKIX to such with 
> quite limited feedback.
> The crux is getting anything implemented as well as getting some kind 
> of funding.
> There are more subtle hurdles as well.  If you are not world-renowned 
> cryptographer or
> working for a well-known (US) technology provider nobody will even 
> read your papers.
> I do currently not work with IoT or WiFi authentication so I may be a 
> less useful partner.
> I'm rather trying to create a scheme for challenging CENTRALIZED 
> payment schemes
> like Android and Apple Pay through a DECENTRALIZED trust infrastructure.
> It is so full of crypto that hardly any bank-tech folks get it :-|

Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo