[pkng] some thoughts
Leif Johansson <leifj@mnt.se> Thu, 12 November 2009 04:27 UTC
Return-Path: <leifj@mnt.se>
X-Original-To: pkng@core3.amsl.com
Delivered-To: pkng@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9FDAC3A67D2 for <pkng@core3.amsl.com>; Wed, 11 Nov 2009 20:27:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.981
X-Spam-Level:
X-Spam-Status: No, score=-3.981 tagged_above=-999 required=5 tests=[AWL=-1.382, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HSPM2XgJj2yz for <pkng@core3.amsl.com>; Wed, 11 Nov 2009 20:27:08 -0800 (PST)
Received: from backup-server.nordu.net (backup-server.nordu.net [193.10.252.66]) by core3.amsl.com (Postfix) with ESMTP id 64CEC28C1E5 for <pkng@irtf.org>; Wed, 11 Nov 2009 20:27:05 -0800 (PST)
Received: from [133.93.19.61] (host-19-61.meeting.ietf.org [133.93.19.61]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id nAC4RRYd019657 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <pkng@irtf.org>; Thu, 12 Nov 2009 05:27:32 +0100 (CET)
Message-ID: <4AFB8EB0.4000406@mnt.se>
Date: Thu, 12 Nov 2009 05:27:28 +0100
From: Leif Johansson <leifj@mnt.se>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: pkng@irtf.org
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [pkng] some thoughts
X-BeenThere: pkng@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Public Key Next Generation \(PKNG\) Research Group" <pkng.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/pkng>
List-Post: <mailto:pkng@irtf.org>
List-Help: <mailto:pkng-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2009 04:27:09 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a loose bunch of ideas and thoughts spurred by todays discussion. I'll probably come up with more later. I'm using the term 'key consumer' loosely to describe something that interacts with PKNG using PKNG keys whatever that is... Maybe that should be trust consumers but whatever... 1. bottoms up vs top down In PKIX the key relationship is between the key and the CA. I believe PKNG should turn this around and be designed based on the relationship between the key and the key consumer. I'm consciously trying to avoid using terms like user-centric or user-managed since they evoke images of specific technologies or patterns and in fact I'm thinking about the RPKI and the KARP when writing this. 2. assurance is not an enum The strength or assurance of a relationship (as represented by a key exchange) probably shouldn't be a discrete set of values (trusted or not, QC or not, or LoA 1-4 or whatever). In analogy with BGP, key consumers should be able to express rich policy for when to use a key for a particular transaction based on access to a parameter space that might encompass some of Lucys 'set-of-interactions' idea. For instance I'd like to be able to bootstrap my local trust parameter space from both physical interactions (our RFID thingamajigs touched) or virtual interactions (I saw an email signed by that key) 3. BGP of trust In analogy with networking I'd like PKNG to become the "routing layer" for trust. Specifically I believe it should be a non-goal of PKNG to even be able to express a single hierarchy of trust for the Internet :-) I believe that PKIX was built on technology designed to be deployed as _the single_ hierarchy of trust but it is in fact being deployed as a set of islands of trust. By contrast I think PKNG should be designed to interconnect multiple realms of trust. This is partly what I was getting at when I said that PKNG should be designed with 'bridges turned on by default' at the meeting today. Cheers Leif -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkr7jrAACgkQ8Jx8FtbMZncGZwCgoHAV024rnQsM2756ur20PWZA vAUAnjveyOoWiajS32glvWMAkLqe5VsQ =0Epn -----END PGP SIGNATURE-----
- Re: [pkng] some thoughts Peter Saint-Andre
- [pkng] some thoughts Leif Johansson
- Re: [pkng] some thoughts Peter Saint-Andre
- Re: [pkng] some thoughts Leif Johansson