Re: [pkix] Connected Cars. Upgradable/Replaceable IoT systems. Re: Managing Long-Lived CA certs

Peter Gutmann <> Mon, 24 July 2017 13:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7C9E8131D19 for <>; Mon, 24 Jul 2017 06:54:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cJ37SzMpx0Fc for <>; Mon, 24 Jul 2017 06:54:28 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D7C80131771 for <>; Mon, 24 Jul 2017 06:54:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=mail; t=1500904468; x=1532440468; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=0i1HS2wS19D/LYv2cZ9mK9da511Hu5Uhnv64tIrS6c4=; b=HsQgnwVfT2vQMzmti5bJ4OYHnPBP+BpvoAt+YOATF6qlkoQQGXvW+wj1 0J18phZyQ9wWiu/yEBEHkL13O0vGFaotOT8NYxbV5RHKaoNJ2z6ifsr7Y 2Ekm0oX0ghFiFLlzvPu662EZJvUmjOI0mlDSMoHSu5nPIA/2vbEIpdzXn PkTVy+bad1GYEuvmMsIOwDgwzZjjeffsjHpNsbR4fIgFjigybZBAqpNUM I16dxqSFWttVIHroeU7MEV3EQfBPGk1731V4KqXzTHkyzRpNVeGFvKhwy RwxlsPhNTVv5KWsUSPmQmUldEyR5E6RsTP5Ji2B0Mzc4Kv1QNWWuP7o5m Q==;
X-IronPort-AV: E=Sophos;i="5.40,407,1496059200"; d="scan'208";a="167822678"
X-Ironport-Source: - Outgoing - Outgoing
Received: from ([]) by with ESMTP/TLS/AES256-SHA; 25 Jul 2017 01:54:25 +1200
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 25 Jul 2017 01:54:25 +1200
Received: from ([]) by ([]) with mapi id 15.00.1263.000; Tue, 25 Jul 2017 01:54:25 +1200
From: Peter Gutmann <>
To: Robert Moskowitz <>, Anders Rundgren <>, "" <>
Thread-Topic: [pkix] Connected Cars. Upgradable/Replaceable IoT systems. Re: Managing Long-Lived CA certs
Thread-Index: AQHTAd5+6l/jXclsikyPxskxVVbZeqJiMw+AgADQUkc=
Date: Mon, 24 Jul 2017 13:54:24 +0000
Message-ID: <>
References: <> <001501d2ff0e$00eddfa0$02c99ee0$> <> <> <003d01d2ffdd$35d67c70$a1837550$> <> <> <> <> <>, <>
In-Reply-To: <>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [pkix] Connected Cars. Upgradable/Replaceable IoT systems. Re: Managing Long-Lived CA certs
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: PKIX Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 24 Jul 2017 13:54:30 -0000

Robert Moskowitz <> writes:

>The IEEE 1609.2 standard for Vehicle safety messaging has a 'monster' PKI
>with certificate management.  To put it mildly.

Not just a monster PKI, a monster in general.  They invented their own
gratuitously incompatible way of doing everything possible (message security,
certificates, you name it, including a pile of novel security mechanisms never
before deployed at any real-world scale).

The thing with X.509, CMS, PGP, whatever you want to use is that after about
twenty years of public naming and shaming vendors have got at least some of
the bits right (but see for example the thread currently running on mozilla-
dev about CAs all over the world issuing certs for domain names that can't be
validated, in other words that were never checked by the CA before the certs
were issued).

OTOH the 1609.2 stuff, which goes way beyond what any standard public CA has
ever attempted (e.g. SCMS or Secure Credential Management System, which is...
no, it's too horrible to go into) will be used in a closed, non-public
environment where little if anything will ever be tested or checked for

Until the Black Hat and Defcon presentations start appearing...

>I worked on three telematics certificate systems.

I got exposed to 1609.2.  My response was that there simply wasn't enough
money in existence to get me to try and make that thing work.