Re: [saag] On PKI vs. Pinning (SAAG 108 preview)
Ben Laurie <ben@links.org> Tue, 28 July 2020 19:56 UTC
Return-Path: <benlaurie@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32BAA3A0BF6 for <saag@ietfa.amsl.com>; Tue, 28 Jul 2020 12:56:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KxZubBW7jtBt for <saag@ietfa.amsl.com>; Tue, 28 Jul 2020 12:56:45 -0700 (PDT)
Received: from mail-io1-f47.google.com (mail-io1-f47.google.com [209.85.166.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 734913A0BF0 for <saag@ietf.org>; Tue, 28 Jul 2020 12:56:45 -0700 (PDT)
Received: by mail-io1-f47.google.com with SMTP id k23so22040141iom.10 for <saag@ietf.org>; Tue, 28 Jul 2020 12:56:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qqbI7tA47XstyNGLeMV44CbpHn4TtX/KTdOrfWcPfIU=; b=r6NS5IsQWc3/sTZaZZngWKG3PWmb6yT6cj8I7P8rNGnzKxZUbPOOp5msormxPxUXZt pHJX+kpzpkv+yKvAxrIABAaI+3xmUB8D+LjHw2ZWcV+4GYAQX2EpLnpc51VkXlmxYyyb xtGJ3ikWn5qqwUpMSeHe2RqC21Tu4+mxsnmCNF14zE6n+StCholvwueIuJ58+mDErJu3 dH7ZoZ3z9EhlMFqWDfFJ9QDVdqYpwNIJgTjiwZp6fTQxZOocjQwU+4bxTOoUPbOEZKmb FQL65eErmt840CgxkavRqe/PLdVxhhFZdevNM+hUbPcZWJ/yeD98hhXvwOXzm3rfLzdg Dfzw==
X-Gm-Message-State: AOAM533FclfVjz6P+++0JDv7yKdDZvddiGVUll7f1QH25DZeV9VxbHcr i0kFg9AHC+DjkZ6bRsbtyJTOPYI3A3sWZttNRTtrmeB1
X-Google-Smtp-Source: ABdhPJxhcUK3SyFWNm1cLnkA6mdAl32rJJI615hH4nF2LlJf+8oue1DKrOqw0/j/7m/ZDPE5pxnNoZe9vp8N7pgPRkU=
X-Received: by 2002:a5d:9a99:: with SMTP id c25mr12587710iom.116.1595966204387; Tue, 28 Jul 2020 12:56:44 -0700 (PDT)
MIME-Version: 1.0
References: <20200728191331.GV41010@kduck.mit.edu> <e928e548-f82d-2809-200e-0fc4ac93db14@cs.tcd.ie> <20200728194235.GY41010@kduck.mit.edu> <1c4951d6-a67c-47c6-315e-2ad3776c94ec@cs.tcd.ie>
In-Reply-To: <1c4951d6-a67c-47c6-315e-2ad3776c94ec@cs.tcd.ie>
From: Ben Laurie <ben@links.org>
Date: Tue, 28 Jul 2020 20:56:33 +0100
Message-ID: <CAG5KPzx0RsYmS8E78Giz5we6bgOmwMvTUH6q_Qk-2gfSVFsLGg@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Benjamin Kaduk <kaduk@mit.edu>, IETF Security Area Advisory Group <saag@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000afa86105ab85d65f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Hz6s17iKvxx8v4bt5xaErwHo2dM>
Subject: Re: [saag] On PKI vs. Pinning (SAAG 108 preview)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2020 19:56:48 -0000
I'm a little surprised by this conversation. Why would SAAG want to support a practice that flies in the face of everything we know about key management? On Tue, 28 Jul 2020 at 20:49, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > On 28/07/2020 20:42, Benjamin Kaduk wrote: > > Sorry for the clumsy description. Basically, if you squint hard, you > could > > claim that at least some types of pinning are actually a PKI, just a > > degenerate PKI. > > Ah gotcha. > > ISTM more useful to treat pinning as an adjunct to whatever > PKI is used by the application that can be MITM'd and not > bother with pinning as a potential replacement for that > PKI. There's nothing wrong with an application being based > on it's very-own PKI of course, but seems less useful for > the IETF to try describe pinning for custom protocols where > we don't know the details. > > Cheers, > S. > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag >
- Re: [saag] height of PKI Russ Housley
- [saag] On PKI vs. Pinning (SAAG 108 preview) Benjamin Kaduk
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Benjamin Kaduk
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Ben Laurie
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Salz, Rich
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Carsten Bormann
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Ben Laurie
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Nico Williams
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Benjamin Kaduk
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Eric Rescorla
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Peter Gutmann
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Yaron Sheffer
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Richard Barnes
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Daniel Migault
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Martin Thomson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Christian Huitema
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Yaron Sheffer
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Yaron Sheffer
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Viktor Dukhovni
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Nico Williams
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Nico Williams
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Viktor Dukhovni
- [saag] height of PKI Michael Richardson
- Re: [saag] height of PKI Viktor Dukhovni
- Re: [saag] height of PKI Michael Richardson
- Re: [saag] height of PKI Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Nico Williams
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Eric Rescorla
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell