Re: [pkng] fyi: keyassure@ mailing list - aka tls@dnssec, certs/keys-in-DNS(sec), DKI

Massimiliano Pala <Massimiliano.Pala@Dartmouth.edu> Thu, 19 August 2010 03:55 UTC

Return-Path: <Massimiliano.Pala@Dartmouth.edu>
X-Original-To: pkng@core3.amsl.com
Delivered-To: pkng@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ECC073A683A for <pkng@core3.amsl.com>; Wed, 18 Aug 2010 20:55:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K2LV-0wrd1ZU for <pkng@core3.amsl.com>; Wed, 18 Aug 2010 20:55:20 -0700 (PDT)
Received: from mailhub2.dartmouth.edu (mailhub2.dartmouth.edu [129.170.17.107]) by core3.amsl.com (Postfix) with ESMTP id C15BF3A6817 for <pkng@irtf.org>; Wed, 18 Aug 2010 20:55:19 -0700 (PDT)
Received: from newblitzen.Dartmouth.EDU (newblitzen.dartmouth.edu [129.170.208.36]) by mailhub2.dartmouth.edu (8.13.5/DND2.0/8.13.5) with ESMTP id o7J24STc023309 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <pkng@irtf.org>; Wed, 18 Aug 2010 23:55:47 -0400
X-Disclaimer: This message was received from outside Dartmouth's BlitzMail system.
Received: from c-76-124-218-240.hsd1.nj.comcast.net [76.124.218.240] by newblitzen.Dartmouth.EDU (Mac) via SMTP for pkng@irtf.org id <175814749>; 18 Aug 2010 23:55:46 -0400
Message-ID: <4C6CABE0.4030309@Dartmouth.edu>
Date: Wed, 18 Aug 2010 23:58:24 -0400
From: Massimiliano Pala <Massimiliano.Pala@Dartmouth.edu>
Organization: Dartmouth College / OpenCA Labs
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100720 Fedora/3.0.6-1.fc12 Lightning/1.0b2pre Thunderbird/3.0.6
MIME-Version: 1.0
To: pkng@irtf.org
References: <4C6C6830.9040103@KingsMountain.com> <4C6C6D4F.2020703@cs.tcd.ie> <p06240812c8921e7303c7@[10.20.30.158]> <4C6C7429.7020209@cs.tcd.ie>
In-Reply-To: <4C6C7429.7020209@cs.tcd.ie>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms000904040302020003040400"
X-MailScanner: Found to be clean by mailhub2.dartmouth.edu
X-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=4.506, required 1, AWL 0.15, BAYES_50 0.00, BLITZ_DISCLAIMER 0.05, FH_HELO_EQ_D_D_D_D 0.00, HELO_DYNAMIC_IPADDR 2.43, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 0.88, RDNS_NONE 0.10)
X-MailScanner-SpamScore: ssss
X-MailScanner-From: massimiliano.pala@dartmouth.edu
Subject: Re: [pkng] fyi: keyassure@ mailing list - aka tls@dnssec, certs/keys-in-DNS(sec), DKI
X-BeenThere: pkng@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Public Key Next Generation \(PKNG\) Research Group" <pkng.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/pkng>
List-Post: <mailto:pkng@irtf.org>
List-Help: <mailto:pkng-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Aug 2010 03:55:21 -0000

Hi Stephen, all,

I would say that I am more with Paul on this. I do think that there's a real
need to re-invent the PKIs, especially in the way they are deployed. Indeed,
it is quite difficult to provide interoperability among different infrastructures
even when cross-certification is used.

I have been pushing back my contribution to this list because of the huge load
of work... unfortunately it does not look better in the near future :) But, as
soon as I find some funds to work on my ideas (always the same problem, isn't
it?) I will try to write an initial document that the list could work on.

The current areas I am planning on working on are:
- trust infrastructure service discovery
- support for PKIX (and non-PKIX) trust infrastructures
- dynamic federation support
- scalability

My plan is to approach these problems by providing an underlying collaborative
infrastructure that will enable the deployment of a globally distributed trust
infrastructure for the Internet.

Work in Progress...

    -- Max


On 08/18/2010 08:00 PM, Stephen Farrell wrote:
>
>
> On 19/08/10 00:36, Paul Hoffman wrote:
>> Not at all. PKNG's charter is to "look into alternate certificate formats, semantics,
>> and PK services that could eventually replace PKIX if deployed".
>
> Right. Zero documents and a moribund list seem to imply the charter was wishful
> thinking.
>
>> The new mailing list is aimed at protocols that use PKIX certificates, and the draft
>> that I co-authored is specifically about TLS, which requires a PKIX certificate to
>> identify the server.
>>
>> This list can still be useful within our charter if folks get some creative
>> juices flowing around the idea of alternate formats, semantics, and services.
>
> (Don't I recall you saying that new format work was exactly what you didn't want to
> happen first?)
>
> Look, if something does start to happen here, then that'd be great. All I'm saying is
> that given the (lack of) history here and the evident interest in
> websockets/keys-in-DNS et al I suspect the relevant CPU cycles are going to be invested
> elsewhere for the next while. I'd be delighted to be proven wrong.


-- 

Best Regards,

	Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                   openca@acm.org
                                                  project.manager@openca.org

Dartmouth Computer Science Dept               Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory                          Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
							   -- Isaac Asimov