Re: [saag] post-X509 cryptographic identities

"Derek Atkins" <derek@ihtfp.com> Tue, 11 February 2020 14:40 UTC

Date: Tue, 11 Feb 2020 09:40:27 -0500
From: Derek Atkins <derek@ihtfp.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Derek Atkins <derek@ihtfp.com>, saag@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/BlhmJfXovEtfv2QiJ_Q1dOmkvJI>

On Tue, February 11, 2020 9:26 am, Michael Richardson wrote:
>
> Derek Atkins <derek@ihtfp.com> wrote:
[snip]
>     > Should this document also include the history of other PKIs, such as SPKI
>     > and/or OpenPGP's WoT?  I think it would be interesting to put an
>     > historical contrast on the visions behind the various methods/standards
>     > and perhaps try to document the reasons (if possible) that "market forces"
>     > took us in one direction vs another.
>
> Yes, I think that it has to.
>
> Each evolved either as a response to X509.  Restating 2692/2693 or the design
> requirements for OpenPGP is not called for; distilling what criticisms were in
> common and why SPKI did not fly is important.  And is there something
> technical wrong with OpenPGP, or are we dealing with implementation
> issues?

My personal opinion is that it was neither a technical issue nor an
implementation issue that caused the market to choose X509 vs OpenPGP, but
rather a philosophical issue (or perhaps business-money-making choices).

On the other hand, if we're going to rehash the design requirements for
X.509, I think it makes sense to also rehash the differences in
requirements for SPKI and OpenPGP (and maybe even DNSSec).  Specifically,
it's important to discuss how they differed, but also in what ways they
overlapped.  I do agree we don't need to go into the full history of all
of them (including X.509).

Again, this is just my opinion from someone who was deep in the trenches
back in the 1990s.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant