Re: [pkng] some thoughts
Peter Saint-Andre <stpeter@stpeter.im> Tue, 17 November 2009 18:37 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: pkng@core3.amsl.com
Delivered-To: pkng@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D69623A67DB for <pkng@core3.amsl.com>; Tue, 17 Nov 2009 10:37:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VsWQqXlZ8IWn for <pkng@core3.amsl.com>; Tue, 17 Nov 2009 10:37:10 -0800 (PST)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id C15383A68FE for <pkng@irtf.org>; Tue, 17 Nov 2009 10:37:10 -0800 (PST)
Received: from dhcp-64-101-72-196.cisco.com (dhcp-64-101-72-196.cisco.com [64.101.72.196]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 1567E40D16; Tue, 17 Nov 2009 11:37:08 -0700 (MST)
Message-ID: <4B02ED53.5090004@stpeter.im>
Date: Tue, 17 Nov 2009 11:37:07 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Leif Johansson <leifj@mnt.se>
References: <4AFB8EB0.4000406@mnt.se> <4AFCF02D.80202@stpeter.im> <4AFF27A8.6070307@mnt.se>
In-Reply-To: <4AFF27A8.6070307@mnt.se>
X-Enigmail-Version: 0.96.0
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="------------ms070301070504000808020405"
Cc: pkng@irtf.org
Subject: Re: [pkng] some thoughts
X-BeenThere: pkng@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Public Key Next Generation \(PKNG\) Research Group" <pkng.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/pkng>
List-Post: <mailto:pkng@irtf.org>
List-Help: <mailto:pkng-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2009 18:37:11 -0000
On 11/14/09 2:56 PM, Leif Johansson wrote: > Peter Saint-Andre wrote: >> On 11/12/09 1:27 PM, Leif Johansson wrote: > >>> 1. bottoms up vs top down >>> >>> In PKIX the key relationship is between the key and the CA. I >>> believe PKNG should turn this around and be designed based on the >>> relationship between the key and the key consumer. >>> >>> I'm consciously trying to avoid using terms like user-centric or >>> user-managed since they evoke images of specific technologies or >>> patterns and in fact I'm thinking about the RPKI and the KARP >>> when writing this. >> Leif, I skimmed your email while I was sitting in the DTNRG session this >> morning, so the mention of bottom up rang a bell. PKI is impossible when >> there is no "I" to be had (distressed networks, ad-hoc meshes, etc.). As >> people carry more and smaller personal devices, they might want to >> exchange information directly in their interactions (beamed, radioed, >> etc.). They won't necessarily have access to canonical sources of trust >> located in hierarchies or roots. Further, they might not *care* about >> hierarchical trust, instead putting a higher value on bottom up or peer >> to peer trust. Perhaps trust will be based more on social networking and >> personal interconnections (think IM buddy lists, LinkedIn, Facebook, >> Twitter). Keys and certs (or whatever we end up calling them) are cheap, >> so people might generate new ones when needed (or for different >> purposes), check credentials with people or entities in their network >> only when they interact with a person, etc. We have ways to push this >> information out (hey everyone, I've got a new keything) and for >> performing on-demand checks (hey Leif, Paul says his keything has a >> print of foo, is that consistent with what you know?). > >> Just a few random ideas generated on the Nozomi train out of Hiroshima... :) > >> Peter > >> -- >> Peter Saint-Andre >> https://stpeter.im/ > > > Yeah this is how I think about it too - to buzz a word: crowdsourcing > identity (but we'll have to be careful not to build another pgp that > doesn't have a business model). Despite my libertarian rhetoric, I'm not absolutely opposed to (some) hierarchies. Perhaps what I'd like to see is an approach that is not exclusively hierarchical (PKI with the focus on "I") or exclusively peer-to-peer (PGP), but instead an approach in which there can be many input sources. Some of those sources might be privileged or weighted more highly by some participants. And perhaps this is not all that different from PKI (I don't trust all CAs) or even PGP (I don't care if some random person has signed your key, only people I know about or have some trust in). Unfortunately I think that X.509/PKI and PGP/WoTs have been presented and deployed as two diametrically opposing approaches. I'd like to see us reach some harmony between the two concepts... Peter -- Peter Saint-Andre https://stpeter.im/
- Re: [pkng] some thoughts Peter Saint-Andre
- [pkng] some thoughts Leif Johansson
- Re: [pkng] some thoughts Peter Saint-Andre
- Re: [pkng] some thoughts Leif Johansson