Re: [saag] post-X509 cryptographic identities

Nico Williams <nico@cryptonector.com> Thu, 13 February 2020 19:20 UTC

Date: Thu, 13 Feb 2020 13:19:53 -0600
From: Nico Williams <nico@cryptonector.com>
To: Henry Story <henry.story@gmail.com>
Cc: trutkowski@netmagic.com, Michael Richardson <mcr+ietf@sandelman.ca>, saag@ietf.org
Message-ID: <20200213191952.GS18021@localhost>
References: <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku> <20200212002125.GO18021@localhost> <alpine.DEB.2.20.2002131443470.25433@grey.csi.cam.ac.uk> <20200213171324.GP18021@localhost> <d3d01f1f-5784-da84-1c59-e636d349bd2a@netmagic.com> <20200213175626.GR18021@localhost> <65357327-e2d7-89cc-221e-ed8ac2875048@netmagic.com> <A91F5BD6-BFBA-4BA7-9158-3F41A8F0F7D9@gmail.com>
In-Reply-To: <A91F5BD6-BFBA-4BA7-9158-3F41A8F0F7D9@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/2JaSLtiYR__leDWjTqOXgZ_F9Mo>

On Thu, Feb 13, 2020 at 07:48:18PM +0100, Henry Story wrote:
> I think one has to take it as a ”fait accompli” that domain name
> dilution has happened. In any case asking people to remember the
> meaning of 2 character codes for country names globally would have
> required a huge investment in teacher training, child training etc… to
> accomplish.  Most Europeans have trouble remembering where US states
> are located even though it is taught in final years around the age of
> 17-18. Most US citizens have trouble remembering all the states of
> Europe, even though many had ancestors that immigrated from here.

That's a misconception, that people need to know country codes.  Or that
we need anything like geopolitical hierarchy in the DNS, except for the
purposes of registration and dispute resolution, which requires
namespaces with registries, registrars, and sovereign jurisdictions, but
not much more.

> That is not the way to do things. Instead let's accept that choosing
> domain names is taken over by marketing folks, that poor countries are

Yes.

> selling their domains to make much needed money, etc… Furthermore the
> only way to get rid of domain name squatters is to make their business
> irrelevant by just adding new domain names.
> 
> Instead one should lead the Sovereigns to enter into the web by providing
> data in machine readable format, about the companies and web sites that
> wish to tie themselves to those legal institutions, the benefits of
> which are not to be underestimated: you only need to live some time in
> lawless zones, from squats onwards to understand how helpful the law
> is.  This can be done on a purely opt-in basis, though it would
> require some conventions to be agreed upon, and the basic naming
> infrastructure to work securely.

We have this now.

You might propose tweaking governance.  You might propose all sorts of
things, but some will be easier to pull off than others.

> Btw. one of the reasons why the system worked for so long, is that initially
> the web of trust on which domain names and URIs were built was built up
> in a peer to peer manner by people linking pages. Those pages that got
> the most links rose to the top in search engines that started using that
> information (At AltaVista we did not know how to do it).

Yes, the search engines function as a sort of registry.

> Now that undermining the system of links through bots has a lot of 
> value, that architecture no longer works. One actually now needs the
> systems that have evolved to deal with law and law breakers, which
> are called states, and which exist in diplomatic/anarchic relations
> with one another.

Yes.  But would any alternative look that different to the current DNS?
I am very skeptical.

Nico
--