[saag] Direct trust between users
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 24 April 2019 17:56 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFBEC12017D for <saag@ietfa.amsl.com>; Wed, 24 Apr 2019 10:56:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.353
X-Spam-Level: ***
X-Spam-Status: No, score=3.353 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, GB_SUMOF=5, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AsatV6v4JffT for <saag@ietfa.amsl.com>; Wed, 24 Apr 2019 10:56:50 -0700 (PDT)
Received: from mail-oi1-f181.google.com (mail-oi1-f181.google.com [209.85.167.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF75412011E for <saag@ietf.org>; Wed, 24 Apr 2019 10:56:50 -0700 (PDT)
Received: by mail-oi1-f181.google.com with SMTP id w139so14995286oie.9 for <saag@ietf.org>; Wed, 24 Apr 2019 10:56:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=7vQT5XfQKgad0MPyJyMnR0OHjBTFLgGNePYjgUKeTvQ=; b=VUqHFZUSFgsZ9sJ+r13zOMSakSs5v9WXtfbuBB3Ua0yCzjpB8l68g4cJLdpY1c89sB QFdCDz1v/806ljgnrP0CZ4G39H1azuEJOZgv90Lk6SV6rHJufXnBwcoaBF38gWrnQ+iq 8+4OAVPW1EhCEZdkkXbSTwxN732+dhCakzr0vAOJZqaMunl4ofpMR55yxlaUZPHTQ8bm xtYa6LkFemBFdpsMQL/LS0zKYul/kspLH7vKgVv2gxqFp/0xXO7jcKUNAitzAWcVEbUI DMDJZ00IGvGvWuLJqiAvqMOpm+5vkzGsSHB9ICSrxZWB4pHOBoaj+YpLwyXKymebpCKE PmXQ==
X-Gm-Message-State: APjAAAWiA41XEBZcToTfusdM31xQjyke9WtKs9d273X9BkPan3DXakUx 6M2MaEajMI2qYamBs3ryOM+4/FV4Bpy5JC83gUFtdsAP
X-Google-Smtp-Source: APXvYqy0dU99ijFv3GfJ1VVvLzA9ORfIJijnAo4Fo3SdHRrRcHWbXHraXqxOLZgMeIHbE7ncm8qQXNwVs/vg1SVuQZo=
X-Received: by 2002:aca:5c55:: with SMTP id q82mr205449oib.95.1556128609565; Wed, 24 Apr 2019 10:56:49 -0700 (PDT)
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 24 Apr 2019 13:56:40 -0400
Message-ID: <CAMm+LwheS8mP8guk4++VNSfcp19kqcOZLxCHaV0=F02xyc7Aow@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ff7ff405874a6cd5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/CkTywlyoCxLxFfx-hX4V4TPXkYU>
Subject: [saag] Direct trust between users
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 17:56:53 -0000
Nico asked about the Mesh Trust model and I said that I was trying to avoid imposing one. I do have metrics for measuring the quality of trust established in terms of a work factor however: http://mathmesh.com/Documents/draft-hallambaker-mesh-trust.html This is not a computational work factor as we are used to. It is a social work factor nominally denominated in currency (USD) and bounded in time. Let us say that we did some key signing even open to IETF meeting attendees only. It would cost an attacker $325 plus travel minimum to impersonate me. Not an impossible sum if they really really want to impersonate me but enough to stop a large number of attacks. Furthermore, there is a significant risk of being caught if they attempt the impersonation on any large scale. So the social work factor might be $1000. Now lets enroll the assertion provided in a blockchain. We don't need proof of work to do blockchain. All we need to do is to have multiple notaries and cross certify between them so that the work factor of each notary reaches the sum of the work factors of all the blockchains on the planet within 24 hours. People can do proof of work if they like but nobody can exceed the work factor of the metanotary because we will add their output to the metanotary as an input. I think we can assume the social work factor for metanotary.com is infinity. So we have an assertion that my public key is MC23-... dated 2019-Jul-18. It would have cost $1000 to forge that assertion before that date and $infinity to forge afterwards. That seems like a useful building block to incorporate into a system of trust. It is not going to be possible to use that approach in every situation but we can almost certainly use it in many situations. So why might we want to do key signing at IETFs? Well we write code and some of that code ends up on GitHub and makes its way into software used in the wild. So credentialling IETF-ers would be pretty useful. Credentialling the Linux Plumbers etc. is probably even more useful. Probably a good thing if we could do something at Black Hat or RSA. We could probably deliver a real improvement in the robustness of the Internet software development ecosystem if we produced a system serving 10,000 or so users and was never used by outside that community. So how might it work? I have done a few sketches but I haven't come to a firm conclusion on how to realize the crypto yet. The simplest user experience to implement would be to have an app for mobile devices that can be used to scan a dynamic QR code presented on a screen near the registration desk. This would provide the necessary crypto info to complete the key signing. We could go further and make it so that scanning the QR code tells the attendee which line to join and causes the registration staff to be told which badges to find next. The registration staff could then check government issued ID, hand over the badge and tell the system the ID matched.
- [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Nico Williams
- Re: [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Nico Williams
- Re: [saag] Direct trust between users Stephen Farrell
- Re: [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Stephen Farrell
- Re: [saag] Direct trust between users Michael Richardson
- Re: [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Nico Williams
- Re: [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Ben Laurie
- Re: [saag] Direct trust between users Ben Laurie
- Re: [saag] Direct trust between users Phillip Hallam-Baker