IETF Logo Mail Archive

Re: [saag] post-X509 cryptographic identities

Nico Williams <nico@cryptonector.com> Fri, 14 February 2020 21:13 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 173401200C3 for <saag@ietfa.amsl.com>; Fri, 14 Feb 2020 13:13:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iB1IGYiJKsIq for <saag@ietfa.amsl.com>; Fri, 14 Feb 2020 13:13:08 -0800 (PST)
Received: from dragonfly.birch.relay.mailchannels.net (dragonfly.birch.relay.mailchannels.net [23.83.209.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 449671201DE for <saag@ietf.org>; Fri, 14 Feb 2020 13:13:07 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 60BFA3C09BA; Fri, 14 Feb 2020 21:13:06 +0000 (UTC)
Received: from pdx1-sub0-mail-a88.g.dreamhost.com (100-96-215-16.trex.outbound.svc.cluster.local [100.96.215.16]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id EB7213C0781; Fri, 14 Feb 2020 21:13:05 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a88.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.5); Fri, 14 Feb 2020 21:13:06 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Tangy-Bitter: 7d5fddbc1089e1ff_1581714786211_1532058588
X-MC-Loop-Signature: 1581714786210:1882705794
X-MC-Ingress-Time: 1581714786210
Received: from pdx1-sub0-mail-a88.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a88.g.dreamhost.com (Postfix) with ESMTP id A856EA4670; Fri, 14 Feb 2020 13:13:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=2tGOynUkLouGWH b6bMa8BsWF87g=; b=xtyQPhu33szKQpmwl5L6DEsdqb8WEDh449WAAajPvpy8xK laA8UUQYfR/ZMxouHpmOjiW6HxF5IwiKDG/ECb7e4SRFqcjk9jvBiYRyhlgTYeYZ +mPw8/g92W2NJSxx96U4PT4q512ZTM+2Go6IeHpNwuYMe+V7ZbPKJOawLuLZc=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a88.g.dreamhost.com (Postfix) with ESMTPSA id B04EEA4672; Fri, 14 Feb 2020 13:12:59 -0800 (PST)
Date: Fri, 14 Feb 2020 15:12:57 -0600
X-DH-BACKEND: pdx1-sub0-mail-a88
From: Nico Williams <nico@cryptonector.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: IETF SAAG <saag@ietf.org>
Message-ID: <20200214211255.GZ18021@localhost>
References: <alpine.DEB.2.20.2002131443470.25433@grey.csi.cam.ac.uk> <20200213171324.GP18021@localhost> <d3d01f1f-5784-da84-1c59-e636d349bd2a@netmagic.com> <20200213175626.GR18021@localhost> <65357327-e2d7-89cc-221e-ed8ac2875048@netmagic.com> <A91F5BD6-BFBA-4BA7-9158-3F41A8F0F7D9@gmail.com> <20200213191952.GS18021@localhost> <9FEBBD2A-3578-436A-92E3-192CADC9FA8B@gmail.com> <20200213205158.GT18021@localhost> <CAMm+LwhAXWbVL=j3Cek_Sf9eK-aKsQgZ+Gsh55nP3nvur_JSEQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAMm+LwhAXWbVL=j3Cek_Sf9eK-aKsQgZ+Gsh55nP3nvur_JSEQ@mail.gmail.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrjedtgddugeekucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhm
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/-ZkjhaJYqQW6FuDobgnXg8zPEPg>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2020 21:13:10 -0000

On Fri, Feb 14, 2020 at 02:44:53PM -0500, Phillip Hallam-Baker wrote:
> The approach I tried to take in Shen in the 90s and have revisited with the
> Mesh is to make every individual the apex of their own trust hierarchy. [...]

Yes, but that way lies TOFU.  That's fine for many things, but not all
things.  You could argue the inverse is also true, that rooted naming
and trust are fine for many things, but not all things -- I would agree
with that.

>                                                                         My
> original hope was we could do something of the sort with PKIX. But X.509 is
> simply too complex for most organizations to manage let alone individuals.

I'm curious about this.  Are you referring here to the use of ASN.1/DER
and the ASN.1 types in RFC5280, or are you referring to semantics, or
something else?

> DNSSEC cannot meet my security needs because it insists all trust flows
> from one point. If I am designing an embedded system, I want to be able to
> specify the roots of trust.

Thanks for expanding on that.  I can agree with mesh-like trust and
naming for this, but for many things we'll still need a rooted trust
system like DNSSEC.

> IETF has ignored ceremony for too long under the motto 'we don't do UI'.
> Well you have to do ceremony to do security. So its about time we changed
> that. I am currently working (or trying to) on a paper on onboarding
> ceremonies which I hope will show the point.

+1

> Syntax is the least important part of PKI but it is a part of the puzzle.
> Why oh why do people think canonicalization is relevant? If you want to be
> able to verify a signature, you have to keep the original bits that were
> signed. End of story.

See below.

> That said, XML is better than ASN.1 DER because it isn't completely stupid.
> JSON is better as a data serialization than XML because it is designed to
> be a data serialization not a document markup. Requiring elements be
> presented in a particular order and schema validation are bogus.

BER/DER/CER, and all TLV ERs are idiotic, yes.  JSON is OK.  The rest of
what you say in this paragraph, not so much.

BTW, Heimdal's ASN.1 compiler lets you name types whose encodings have
to be saved in a `_save` structure field by the decoder.  It's very
nice, and, for PKIX, essential.  General purpose JSON decoders however
generally don't decode to a schema the way decoders compiled from an
ASN.1 module do, so it's harder to add a "save this part as encoded for
later signature verification" feature -- not impossible, but not widely
available either.  So one has to resort to base64-encoding the JSON
texts to be signed/encrypted and then sending those as strings in other
(possibly JSON) documents (e.g., JWT).  (In Kerberos we do the moral
equivalent and wrap things to be signed/encrypted in OCTET STRINGs.)

Nico
--

v2.23.0 | Report a Bug | By Email