[pkng] Proposal for a PKS (was Re: json-dsig anyone?)
Massimiliano Pala <pala@cs.dartmouth.edu> Wed, 24 March 2010 15:22 UTC
Return-Path: <pala@cs.dartmouth.edu>
X-Original-To: pkng@core3.amsl.com
Delivered-To: pkng@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA54E3A6B56 for <pkng@core3.amsl.com>; Wed, 24 Mar 2010 08:22:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.869
X-Spam-Level:
X-Spam-Status: No, score=-2.869 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ri3mOk9KAsUm for <pkng@core3.amsl.com>; Wed, 24 Mar 2010 08:22:14 -0700 (PDT)
Received: from mail.cs.dartmouth.edu (mail.cs.dartmouth.edu [129.170.212.100]) by core3.amsl.com (Postfix) with ESMTP id 0D1EB3A6B80 for <pkng@irtf.org>; Wed, 24 Mar 2010 08:21:35 -0700 (PDT)
Received: from [192.168.100.51] (c-98-221-105-220.hsd1.nj.comcast.net [98.221.105.220]) (authenticated bits=0) by mail.cs.dartmouth.edu (8.14.3/8.14.3) with ESMTP id o2OFLs2S029630 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT) for <pkng@irtf.org>; Wed, 24 Mar 2010 11:21:54 -0400
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 mail.cs.dartmouth.edu o2OFLs2S029630
DomainKey-Signature: a=rsa-sha1; s=mail; d=cs.dartmouth.edu; c=simple; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:subject:references:in-reply-to:content-type; b=jve2BYGBX9/k3yl5hqunnTdEFYIRdce78d+CznTUl4Uga+sL4Uf7hHdSb7EE7yV2m nBgTXISMHyVVKBwGRdpbA==
Message-ID: <4BAA2EB5.7090909@cs.dartmouth.edu>
Date: Wed, 24 Mar 2010 11:24:37 -0400
From: Massimiliano Pala <pala@cs.dartmouth.edu>
Organization: Dartmouth College / OpenCA Labs
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100301 Fedora/3.0.3-1.fc12 Lightning/1.0b2pre Thunderbird/3.0.3
MIME-Version: 1.0
To: pkng@irtf.org
References: <4BA666E4.2050408@sunet.se> <p062408bec7cc34119aaa@[10.20.30.158]> <328D39B3-2FE9-4962-BC84-E17BB280504C@cs.tcd.ie> <4BA7B3FD.2070102@sunet.se> <4BA7E192.90408@sunet.se>
In-Reply-To: <4BA7E192.90408@sunet.se>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms010403000100090305030707"
Subject: [pkng] Proposal for a PKS (was Re: json-dsig anyone?)
X-BeenThere: pkng@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: openca@acm.org
List-Id: "Public Key Next Generation \(PKNG\) Research Group" <pkng.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/pkng>
List-Post: <mailto:pkng@irtf.org>
List-Help: <mailto:pkng-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Mar 2010 15:22:17 -0000
Hello PK-NGers, I think that the issue everyone is bringing up is the need to have a way to make PK easier than it is now. My take on this is that we need to have a Public Key System (PKS) which should be capable of providing support for (1) PK deployers, (2) developers (by facilitating interactions among different parts of PKI) and (3) the users (by providing easy-to-use interfaces). I would say that we shall avoid the lack of vision that happened with the "normal" PKIs. As a metaphor, we might say that in PKIs we are now still trying to use a host.txt file instead of setting up a DNS.. and we all know how difficult that might be - especially in open environments like the Internet. My proposal is to provide a support infrastructure (sevice) for easy deployment of PK systems (or trust infrastructures ?) I am going to submit a new draft soon about the basics of the PKS that should allow to support any PK-based system, no matter if it is X.509 based (to allow the usage of X509) or any other standard as long as it is based on some sort of "signed" assertion (e.g., a certificate or a signed key) and, of course, public keys :D Is anybody interested in the idea ? Please let me know.. Cheers, Max On 03/22/2010 05:30 PM, Leif Johansson wrote: > On 03/22/2010 07:16 PM, Leif Johansson wrote: >> >>> Eh ... What is "for now" again? Hard to recall with so little happening. >>> Maybe letting formatters run free might help? >>> (not a criticism since I also probably promised to do stuff but just a >>> suggestion) >> >> Personally I think this question is a consequence of the "must be easier >> to deploy" requirement. I ass u me :-) that something might >> look like a signature of something which might have to live in the >> browser and I don't think that is jumping too far ahead quite >> frankly :-)
- [pkng] json-dsig anyone? Leif Johansson
- Re: [pkng] json-dsig anyone? Paul Hoffman
- Re: [pkng] json-dsig anyone? Stephen Farrell
- Re: [pkng] json-dsig anyone? Leif Johansson
- Re: [pkng] json-dsig anyone? Leif Johansson
- [pkng] Proposal for a PKS (was Re: json-dsig anyo… Massimiliano Pala
- Re: [pkng] Proposal for a PKS (was Re: json-dsig … Leif Johansson
- Re: [pkng] Proposal for a PKS (was Re: json-dsig … Peter Saint-Andre
- [pkng] Some topics for PKNG Thomas Hardjono
- Re: [pkng] Some topics for PKNG Thomas Hardjono
- Re: [pkng] Some topics for PKNG Leif Johansson