Re: [saag] post-X509 cryptographic identities

Nico Williams <nico@cryptonector.com> Wed, 12 February 2020 00:21 UTC

Date: Tue, 11 Feb 2020 18:21:27 -0600
From: Nico Williams <nico@cryptonector.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, saag@ietf.org
Message-ID: <20200212002125.GO18021@localhost>
References: <157762745765.1150.7880025422884493076@ietfa.amsl.com> <2C5DFA70-AD0E-4139-B28E-2D4EDB6E5409@sinodun.com> <46BDE9EB-6306-4194-AFFA-7E9E6604765F@sinodun.com> <825b8c8e-7ee9-9276-d09e-9c006acf3804@ericsson.com> <CABcZeBOzJ2MRS8deZqN+e-o9tFDwgSrYK3_hmV-0pfO+L9oaVw@mail.gmail.com> <53c87d6b-cad1-3a80-291d-e2a896705da5@ericsson.com> <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/7d_jp8mBXEKW8GrmGBZ9wJwmzmw>

Post-X.509 identifiers...  This isn't just about X.500 naming being
awful?

What do humans deal in?  Well, we deal in:

 - (trade)marks (trademarks, DBAs, ...)
 - personal names
    - and various documentary ID types (typically government-issued, but
      not necessarily)
    - bank account numbers and such
 - place names

Names, names, names.  Off-line too.  Book titles.  TV station names.
Play names, show names, movie names.  Names, and almost nothing but
names.

On the web humans mostly deal with domain name mappings of (trade)marks.
Indeed, the domain names themselves are marks.

How much of a revolution in this state of affairs do you suppose the
IETF can drive?

Can we move past domain names?  Maybe.  What is realistic?

One possibility is to do everything via smartphone apps, with app store
operators acting as curators.  Naming would still be about (trade)marks
(including icons, at least for those who are not sight-impaired), but we
might get past domain names.  Who wants such a world?

What about laptops and desktops?

There are also corporate environments to think about, where naming of
_services_ is not after marks, but other things, and where web apps are
king rather than smartphone apps.

IMO domain names aren't going away.  Indeed, people know what they are,
and interact with them.  Why should we ask users to forget about
domain names just when they got used to them?

IMO as long as we have anything like names, there will be confusables
and phishing.  And I don't see us getting away from names.

Nico