Re: [saag] post-X509 cryptographic identities

[Nico Williams <nico@cryptonector.com>]

On Tue, Feb 11, 2020 at 03:31:59PM +0100, Michael Richardson wrote:
> Tony Rutkowski <trutkowski.netmagic@gmail.com> wrote:
>     >> Now we are unifying again :-)
>     >> Mozilla could, for instance, create a new higher-level CA, sign all of the
>     >> existing trust anchors they ship, and effectively be back at X509.
> 
>     > And who is going to assume the antitrust liabilities?  See, e.g.,
>     > https://www.vox.com/recode/2020/2/6/21125026/big-tech-congress-antitrust-investigation-amazon-apple-google-facebook
> 
> Well, that's a reason why re-creating There Shall be Only One PKI is a
> bad idea.  RFC2692/RFC2693 already gave us a lot of alternative views.

It seems like a miracle that we have DNS at all.

And when you talk about x.509 naming, it really does seem to mean that
you're referring to dNSName SANs, so, DNS.

It seems unlikely to me that we could replace a global system we have
(DNS) with a non-global system.  That's a lot of value to leave behind!

> Typical PKI implementations just makes it really hard for end users to
> actually manage their trust anchors, because it pretends that the
> local trust anchors were a pronouncement from god.

Yes.  But that's not a fault of PKIX, or DNS, or anything other than the
fact that not having name constraints widely implemented in 1993 meant
they were effectively not implemented at all, and _that_ turned PKIX
into WebPKI.

Whereas DNS of necessity has name constraints fully built-in, and had
them from day 0.

So we have one system (WebPKI) bolted onto another (DNS), and we have
this impedance problem of the first not having the necessary element of
name constraints.  Name constraints can't be retrofitted into WebPKI now
that we have a mess of root CAs overlapping each others namespaces -- a
mess that cannot be cleaned up.

It's not ccTLDs or any kind of naming hierarchy we need anyways, but
resolving names to registration authorities -- that is essential!  DNS
gives us that, while WebPKI does not.

So I take the opposite view: a single global namespace IS fine.  It may
well be the single biggest key to the Internet's success.  WebPKI is
busted.  ISTM incorrect to conclude that because WebPKI is busted, and
that because the "I" in it wanted it to be a single global namespace,
that then it must be that a global namespace is bad.

> https://www.rfc-editor.org/rfc/rfc2693.html#section-2.4
> 
> 2.4 Rethinking Global Names
> 
>    The assumption that the job of a certificate was to bind a name to a
>    key made sense when it was first published.  In the 1970's, people
>    operated in relatively small communities.  Relationships formed face
>    to face.  Once you knew who someone was, you often knew enough to
>    decide how to behave with that person.  As a result, people have
>    reduced this requirement to the simply stated: "know who you're
>    dealing with".
> 
>    Names, in turn, are what we humans use as identifiers of persons.  We
>    learn this practice as infants.  In the family environment names work
>    as identifiers, even today.  What we learn as infants is especially
>    difficult to re-learn later in life.  Therefore, it is natural for
>    people to translate the need to know who the keyholder is into a need
>    to know the keyholder's name.

Locality in naming usage does not imply that a global namespace is bad.

Nico
--