Re: [saag] post-X509 cryptographic identities

Tony Rutkowski <trutkowski.netmagic@gmail.com> Thu, 13 February 2020 17:34 UTC

From: Tony Rutkowski <trutkowski.netmagic@gmail.com>
X-Google-Original-From: Tony Rutkowski <trutkowski@netmagic.com>
Reply-To: trutkowski@netmagic.com
To: Nico Williams <nico@cryptonector.com>, Tony Finch <dot@dotat.at>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, saag@ietf.org
References: <2C5DFA70-AD0E-4139-B28E-2D4EDB6E5409@sinodun.com> <46BDE9EB-6306-4194-AFFA-7E9E6604765F@sinodun.com> <825b8c8e-7ee9-9276-d09e-9c006acf3804@ericsson.com> <CABcZeBOzJ2MRS8deZqN+e-o9tFDwgSrYK3_hmV-0pfO+L9oaVw@mail.gmail.com> <53c87d6b-cad1-3a80-291d-e2a896705da5@ericsson.com> <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku> <20200212002125.GO18021@localhost> <alpine.DEB.2.20.2002131443470.25433@grey.csi.cam.ac.uk> <20200213171324.GP18021@localhost>
Organization: Netmagic Associates LLC
Message-ID: <d3d01f1f-5784-da84-1c59-e636d349bd2a@netmagic.com>
Date: Thu, 13 Feb 2020 12:34:12 -0500
In-Reply-To: <20200213171324.GP18021@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/9qiWZzxsyPpexENGtXuwj4FTJJ8>
Subject: Re: [saag] post-X509 cryptographic identities

Hi Nico,

We have had hierarchical trusted name systems for a while.  PSTN numbers 
still serve that function - which drove ENUM.

The old idealized legacy DNS model arguably disappeared with vigorous 
competition among alternative root servers, e.g., 1.1.1.1, 8.8.8.8, etc.

Then there is also the shift to E2E MEF Ethernet...or with DONA's Handle 
System.

All of this arguably underscores the continuing need for a trusted PKI 
cert.  As you note, sovereign registries have value.

--tony


On 2020-02-13 12:13 PM, Nico Williams wrote:
> On Thu, Feb 13, 2020 at 02:51:01PM +0000, Tony Finch wrote:
>> Nico Williams <nico@cryptonector.com> wrote:
>>> Can we move past domainnames?  Maybe.  What is realistic?
>>>
>>> One possibility is to do everything via smartphone apps, with app store
>>> operators acting as curators.  Naming would still be about (trade)marks
>>> (including icons, at least for those who are not sight-impaired), but we
>>> might get past domainnames.  Who wants such a world?
>> When I wonder about this kind of thing, I try to think about the
>> practicalities: would the OS vendors want to run registries for hundreds
>> of millions of names themselves, or would they prefer to outsource it?
> That's the gist, isn't it.  Registries.  Authorities.  Ultimately a tie
> to legal dispute resolution mechanisms.  Messy stuff.
>
> DNS was a worldwide revolution in naming affairs by creating a scalable,
> global registration and authority system to go with a scalable
> resolution system.
>
> (From a UI perspective, DNS is just an evolution: before we had names,
> after we had names.)
>
> DNS and the Internet created realities on the ground that sovereign
> entities had to recognize.  That seems likely an accident of DNS
> stepping into a vacuum.  Now that the vacuum has been filled, any
> replacement may well require significantly more willpower to establish.
>
>> Would the setup be something like certification authorities? How would
>> the namespace relate to the market structure: would they be parallel
>> like the DNS, or unrelated like WebPKI? Would we end up with something
>> like the CA/B forum, except also responsible for the top-level of the
>> namespace, and thus effectively performing the same function as ICANN?
> Yes, any future revolution in naming will have to deal with registries,
> and will have to deal with sovereign entities.
>
> Nico