Re: [saag] post-X509 cryptographic identities
Nico Williams <nico@cryptonector.com> Wed, 12 February 2020 00:21 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01D6C120846 for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 16:21:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.99
X-Spam-Level:
X-Spam-Status: No, score=-1.99 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hm8hJT_iXrj9 for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 16:21:35 -0800 (PST)
Received: from dog.birch.relay.mailchannels.net (dog.birch.relay.mailchannels.net [23.83.209.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FAD11200A4 for <saag@ietf.org>; Tue, 11 Feb 2020 16:21:34 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 55E1E1A13BC; Wed, 12 Feb 2020 00:21:34 +0000 (UTC)
Received: from pdx1-sub0-mail-a5.g.dreamhost.com (100-96-217-4.trex.outbound.svc.cluster.local [100.96.217.4]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id CF8191A151C; Wed, 12 Feb 2020 00:21:33 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a5.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.5); Wed, 12 Feb 2020 00:21:34 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Illegal-Arithmetic: 14ad05bb1c5cbd46_1581466894142_1582931635
X-MC-Loop-Signature: 1581466894142:2398104954
X-MC-Ingress-Time: 1581466894142
Received: from pdx1-sub0-mail-a5.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a5.g.dreamhost.com (Postfix) with ESMTP id D89B480A23; Tue, 11 Feb 2020 16:21:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=sUw7ilnlr2xffj 8E29qTi9m5Rd4=; b=A8EysHb3CQMiMouag3JnmCSx4X8PFecn0Gagzz9lt4W852 jd9w+tPLds2OKmGwKrQ60YRfv9TsjJneDBUwyKbounNhK0POA0ONqIlqc8gOnWo0 w0gecXfPGmM2lLD2j2AWXwVgiwcWzFqbPhAq5jLt29PYNTBmHVZpXGNvOpBBQ=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a5.g.dreamhost.com (Postfix) with ESMTPSA id 81F6180A1E; Tue, 11 Feb 2020 16:21:29 -0800 (PST)
Date: Tue, 11 Feb 2020 18:21:27 -0600
X-DH-BACKEND: pdx1-sub0-mail-a5
From: Nico Williams <nico@cryptonector.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, saag@ietf.org
Message-ID: <20200212002125.GO18021@localhost>
References: <157762745765.1150.7880025422884493076@ietfa.amsl.com> <2C5DFA70-AD0E-4139-B28E-2D4EDB6E5409@sinodun.com> <46BDE9EB-6306-4194-AFFA-7E9E6604765F@sinodun.com> <825b8c8e-7ee9-9276-d09e-9c006acf3804@ericsson.com> <CABcZeBOzJ2MRS8deZqN+e-o9tFDwgSrYK3_hmV-0pfO+L9oaVw@mail.gmail.com> <53c87d6b-cad1-3a80-291d-e2a896705da5@ericsson.com> <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <26497.1581418516@dooku>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrieeggdduhecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfhggtggujggfsehttdertddtredvnecuhfhrohhmpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqnecukfhppedvgedrvdekrddutdekrddukeefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmohguvgepshhmthhppdhhvghloheplhhotggrlhhhohhsthdpihhnvghtpedvgedrvdekrddutdekrddukeefpdhrvghtuhhrnhdqphgrthhhpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqpdhmrghilhhfrhhomhepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhdpnhhrtghpthhtohepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomh
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/7d_jp8mBXEKW8GrmGBZ9wJwmzmw>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2020 00:21:37 -0000
Post-x.509 identifiers... This isn't just about x.500 naming being awful? What do humans deal in? Well, we deal in: - (trade)marks (trademarks, DBAs, ...) - personal names - and various documentary ID types (typically government-issued, but not necessarily) - bank account numbers and such - place names Names, names, names. Off-line too. Book titles. TV station names. Play names, show names, movie names. Names, and almost nothing but names. On the web humans mostly deal with domainname mappings of (trade)marks. Indeed, the domainnames themselves are marks. How much of a revolution in this state of affairs do you suppose the IETF can drive? Can we move past domainnames? Maybe. What is realistic? One possibility is to do everything via smartphone apps, with app store operators acting as curators. Naming would still be about (trade)marks (including icons, at least for those who are not sight-impaired), but we might get past domainnames. Who wants such a world? What about laptops and desktops? There's also corporate environments to think about, where naming of _services_ is not after marks, but other things, and where web apps are king rather than smartphone apps. IMO domainnames aren't going away. Indeed, people know what they are, and interact with them. Why should we ask users to forget about domainnames just when they got used to them? IMO as long as we have anything like names, there will be confusables and phishing. And I don't see us getting away from names. Nico --
- [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Derek Atkins
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Derek Atkins
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Watson Ladd
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Peter Gutmann
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Tony Finch
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Watson Ladd
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Viktor Dukhovni
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Finch
- Re: [saag] post-X509 cryptographic identities Michael Richardson