IETF Logo Mail Archive

Re: [saag] Direct trust between users

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 25 April 2019 22:16 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1C4312035E for <saag@ietfa.amsl.com>; Thu, 25 Apr 2019 15:16:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level:
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 526XooX903gz for <saag@ietfa.amsl.com>; Thu, 25 Apr 2019 15:16:45 -0700 (PDT)
Received: from mail-ot1-f53.google.com (mail-ot1-f53.google.com [209.85.210.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C274120342 for <saag@ietf.org>; Thu, 25 Apr 2019 15:16:44 -0700 (PDT)
Received: by mail-ot1-f53.google.com with SMTP id g8so943008otk.8 for <saag@ietf.org>; Thu, 25 Apr 2019 15:16:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=V0IL9jrQW5ZoHevh47pgbs2GgPnrPc6I6Yj536Y8PRU=; b=e5rlxj9ZSq9M1PTDRn6tgBbUtOTlxqPdd5iIL+Bes5IDPUixa/RbOJjS8noxHYGPy3 3q9D9PqxyWvoHpxYOfRgLZM2LQsyRidLP9c8vd62V0GiKv9y1BoNCK8GuBYup3pVhbgc Xn6bukVIKcdqbcYO+p/PDgYRM+BY/XH923SxXm39ci/5JBEyCwYYd9WXceTvmeM9jCIK i30GDQvaMFFALFbINErmezzxBKOOsW4RhxlQB7ut0G/7S+IpCwboTzj+s8BgXT0Uhx+T vp1eisIbHniNbIYXg0jeflknj07+BIqhIAhRtY2piW2vIx33Iki89CstNV+cULSfzO2B fJ0Q==
X-Gm-Message-State: APjAAAWPLApG6X0T0B/KYwMWMVzHkyBUF3tqNYLQr+94rmqlycQC0Ejs 8AQn6LLSD+3UWnF+E0wmBBN1k+4eyxrhqNwd+uc=
X-Google-Smtp-Source: APXvYqznAr17k9D8vUVYVBdQTrndqRgttFNbAV/0767XKPrlPxEvEnVgQl+Mx0iRFYoIiiYIA1yR+ejX7/2X5VzRGPw=
X-Received: by 2002:a9d:58c5:: with SMTP id s5mr23577877oth.361.1556230603518; Thu, 25 Apr 2019 15:16:43 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+LwheS8mP8guk4++VNSfcp19kqcOZLxCHaV0=F02xyc7Aow@mail.gmail.com> <20190424182641.GL3137@localhost> <CAMm+LwjAPOf9eW9kpHfh=4MmSYLciHBJ4g2Kr32bkejpsdf3Xw@mail.gmail.com> <20190424233338.GP3137@localhost> <16119.1556207291@dooku.sandelman.ca> <CAMm+Lwji0P=o+WzMOTr4ZbYDsiSUvt7evhgz-sPkPxQhdS_6pQ@mail.gmail.com> <20190425212839.GW3137@localhost>
In-Reply-To: <20190425212839.GW3137@localhost>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 25 Apr 2019 18:16:32 -0400
Message-ID: <CAMm+Lwgv68T4m6gk6mijLPiLDL6a2BThsDpyb+4ADog4L7UYiw@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004fc2760587622cb4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/98QGvnanrx0iErjeixZdqajkhZY>
Subject: Re: [saag] Direct trust between users
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2019 22:16:47 -0000

On Thu, Apr 25, 2019 at 5:28 PM Nico Williams <nico@cryptonector.com> wrote:

> On Thu, Apr 25, 2019 at 04:44:15PM -0400, Phillip Hallam-Baker wrote:
> > On Thu, Apr 25, 2019 at 11:48 AM Michael Richardson <
> mcr+ietf@sandelman.ca>
> > wrote:
> > > Nico Williams <nico@cryptonector.com> wrote:
> > >  > Long long ago I used to imagine the U.S. postal service selling
> > >  > what you might call EV user certificates: after all, there are
> > >  > post offices everywhere and their staff are trained in validating
> > >  > government-issued IDs, often they're even notaries public!  I
> > >  > supposed one might even be able to get attribute certs attesting
> > >  > that the holder of the key is, e.g., a citizen, or over 18 years
> > >  > of age.
> > >
> > > Canada Post had a key in the browser list for a decade or so, and
> > > there was some project with Entrust to do something, but I don't
> > > think it ever happened.
> >
> > The US Post office had a series of proposed schemes as well. None of
> > them ever got anywhere because we poached their staff as fast as they
> > could train them.
> >
> > Every 18 months some political appointee would attempt to start some
> > information superhighway effort. A team would be staffed up in the
> > USPO and learn about PKI. About twelve months in, they would be all
> > nicely trained up and we would show up and offer double their salary
> > plus stock.
>
> Oh.  That's the reason?  This is the sort of thing that should be setup
> via a contract with an external party, then this sort of "sabotage" (no
> offense intended) is much less likely (the external party won't want to
> be in breach).
>

It wasn't on purpose.

It was only after going into the account for the third time that I suddenly
realized it was very unlikely we would make the sale as long as our
headhunters were head hunting.

Yes, a different structure was needed.

v2.23.0 | Report a Bug | By Email