IETF Logo Mail Archive

Re: [saag] post-X509 cryptographic identities

Tony Rutkowski <trutkowski.netmagic@gmail.com> Wed, 12 February 2020 21:04 UTC

Return-Path: <trutkowski.netmagic@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13EED120954 for <saag@ietfa.amsl.com>; Wed, 12 Feb 2020 13:04:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cc10BoaN1JlW for <saag@ietfa.amsl.com>; Wed, 12 Feb 2020 13:04:43 -0800 (PST)
Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25246120951 for <saag@ietf.org>; Wed, 12 Feb 2020 13:04:43 -0800 (PST)
Received: by mail-qt1-x82d.google.com with SMTP id w47so2742147qtk.4 for <saag@ietf.org>; Wed, 12 Feb 2020 13:04:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:reply-to:subject:to:cc:references:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=seilAh/HgJTENstNoF5VBJ3k9exAZh0cW5q0hEYlmTQ=; b=PviAvXBJr7LrO91O7sjQsgr4emAUNA/wmEAf0yZD39xkw2QG1xx/eIxLYfSL9ybDog 9JYvIr498SvkIJu/sW4ZOqlCJrmh88qEgPsCSYfR2YznA4z8z0uceQPFP8AthHcnLV2t qGOxKMPgAPlRf+G56ydax9wDnqNb+oBVcSqDyk8ob2gyxVHp+N9yLgiKADhPGCivM3Hb wW1cNaD0rIWgrWRwTLflHmHEPlwgUbMnXdWbEXyEakTPglzOC0vX8cd9CAzFQZZk3qoX sS8ynfsjwJ7/gZTZ0CK4r5OnyNxvOKR7ptN4x73syGT74/gsPYdh/4UkfC70WrkX+Bg1 94yQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:reply-to:subject:to:cc:references :organization:message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding:content-language; bh=seilAh/HgJTENstNoF5VBJ3k9exAZh0cW5q0hEYlmTQ=; b=LvT7hTV+1Vn2SSg1JspW3ZEAIFSpYYPmrQTEsNcKTgT2RbrD0tgoRTIfTihpI+ZUO2 FIBhlkgLyYSiWl8gg/DuL9E3DLXDUupXYTq4QjP2QNflo6r9rI1gGi2kmAVbyI4tVnyB eKDjBNpsyb5g+IRDqb+JVZ2BcokePrtvmZFldgMZ9POsLBhkfMNyNo7Sv3TDtnKwP2oW 9mNNVaHDbCwVayc7wmnuivJUyqAKQJZX7N6cKOncAks93xhjH6/EQOwvqLAbSXFHw4v5 J7c1+lAexZLl/6B1iADa+t0drikgfb7OCsIqxwffNh2yYFSQ4PLrf/C2+2vvqozNEOdD 4KNg==
X-Gm-Message-State: APjAAAVaPEyIL121JFUPMXePxBWcukWZJZtkssDc9EknQrJz9Frx8XMO UostTOF+NCS5xAQ3ZTu7Bhs=
X-Google-Smtp-Source: APXvYqzKDFkO29wY3QK6jqGmSzdBWYaGVAK9HLQPM9PuG7rOQX9uZUuqH79EErkPZL1QczEEzZTqFg==
X-Received: by 2002:ac8:9e:: with SMTP id c30mr9010423qtg.359.1581541482193; Wed, 12 Feb 2020 13:04:42 -0800 (PST)
Received: from [192.168.1.53] (pool-70-106-222-98.clppva.fios.verizon.net. [70.106.222.98]) by smtp.gmail.com with ESMTPSA id w53sm185701qtb.91.2020.02.12.13.04.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 12 Feb 2020 13:04:41 -0800 (PST)
From: Tony Rutkowski <trutkowski.netmagic@gmail.com>
X-Google-Original-From: Tony Rutkowski <trutkowski@netmagic.com>
Reply-To: trutkowski@netmagic.com
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Derek Atkins <derek@ihtfp.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "era@x500.eu" <era@x500.eu>, "saag@ietf.org" <saag@ietf.org>, Arnaud Taddei <arnaud.taddei@broadcom.com>, "jean-paul.lemaire@univ-paris-diderot.fr" <jean-paul.lemaire@univ-paris-diderot.fr>
References: <157762745765.1150.7880025422884493076@ietfa.amsl.com> <2C5DFA70-AD0E-4139-B28E-2D4EDB6E5409@sinodun.com> <46BDE9EB-6306-4194-AFFA-7E9E6604765F@sinodun.com> <825b8c8e-7ee9-9276-d09e-9c006acf3804@ericsson.com> <CABcZeBOzJ2MRS8deZqN+e-o9tFDwgSrYK3_hmV-0pfO+L9oaVw@mail.gmail.com> <53c87d6b-cad1-3a80-291d-e2a896705da5@ericsson.com> <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku> <8ccb201a00d4e693c882225170ca424f.squirrel@mail2.ihtfp.org> <7dba0cd7-5b80-a80d-22ce-954baf7d293b@netmagic.com> <1581522672769.89576@cs.auckland.ac.nz>
Organization: Netmagic Associates LLC
Message-ID: <84bf0eb6-0b5a-164f-7da9-a2c0781a17e0@netmagic.com>
Date: Wed, 12 Feb 2020 16:04:40 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <1581522672769.89576@cs.auckland.ac.nz>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/0VOtWC1veD1zWtjX0ApgLjwYP1E>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2020 21:04:45 -0000

Hi Peter,

Ruth was the leader of one of the higher level SDNS teams.  If you go to 
the paper on SP4 (IPSEC), you can see how PKI is used and managed in the 
paper by Branstad, Dorman, Housley, and Randall.

> SP4 was designed to be independent of encryption algorithm and method 
> of key distribution. Either symmetric or asymmetric algorithms can be 
> used.
> SDNS uses SP4 with a symmetric key algorithm. SP4 depends on the key 
> manager to establish and update traffic keys. The SDNS key manager 
> uses public key cryptography to generate these traffic keys
--tony r

On 2020-02-12 10:51 AM, Peter Gutmann wrote:
> Tony Rutkowski <trutkowski.netmagic@gmail.com> writes:
>
>> The earliest public description of PKI development and objectives can be
>> found in the seminal paper presented by Ruth Nelson in 1987.  See Ruth
>> Nelson, SDNS Services and Architecture, 10th National Computer Security
>> Conference Proceedings, Sept 1987.
> Uhh, that doesn't talk about PKI at all, it talks about SP3/SP4, key
> agreement/transport, and the use of key management centres.  In particular
> certs are issued by the KMC, which makes it more a type of server-assisted
> crypto mechanism where you contact a server in order to communicate securely
> with someone else, which was done by the Public File about a decade earlier.
>
> Peter.

v2.23.0 | Report a Bug | By Email