Re: [saag] IETF 93 Agenda Request - Key Discovery
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 16 July 2015 18:57 UTC
Date: Thu, 16 Jul 2015 18:57:28 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20150716185728.GM28047@mournblade.imrryr.org>
References: <55A7F601.9040902@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/JHkM-V17TXI-EuRHZ8aGGMbjdy4>
Subject: Re: [saag] IETF 93 Agenda Request - Key Discovery
On Thu, Jul 16, 2015 at 12:20:49PM -0600, ⌘ Matt Miller wrote:

> I would like to request a 10 minute slot during SAAG on Thursday to
> discuss entity key discovery and
> <https://tools.ietf.org/html/draft-miller-saag-key-discovery-00>.

Sorry, I won't be in Prague. A few concerns:

* Retrieval of unencrypted private keys over HTTPS seems rather risky
  (perhaps a bad precedent). One might instead specify that these are
  to be made available as PKCS#12 or similar objects that support
  passphrase encryption. The client would then extract the secret keys
  by using local knowledge of the applicable passphrase.

* Finally, I am skeptical that the WebPKI CAs are a good fit for key
  management beyond the usual web server certificates. Trusting all of
  the usual suspects to also secure public keys for long-term content
  encryption (S/MIME, ...), not just authentication keys for web
  servers, should not be done lightly. Perhaps this is a space where
  proof of control of the domain needs to be stronger than WebPKI DV
  certs. As I see it the confidence in the validity of a certificate
  is:

      EV >> DANE >> DV

  Since EV won't scale to provide universal coverage, this is a space
  in which HTTPS with WebPKI may be inadequate.

* This seems to want to support public-key lookup for email accounts.
  You're perhaps aware of the DANE WG drafts in this space; perhaps
  these should be at least mentioned. Do we want competing (proposed)
  standards in this space?

-- 
	Viktor.
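As an added illustration of the DANE WG work Viktor points to (not code from the post or from any IETF draft), the block below constructs the DNS owner name that the later-published OPENPGPKEY (RFC 7929) and SMIMEA (RFC 8162) records use for an email address, and parses a constructed SMIMEA record in presentation format. The address and record contents are made-up sample values; a real client would only trust a record returned through a DNSSEC-validating resolver.

```python
import hashlib
from dataclasses import dataclass

# Owner-name construction shared by OPENPGPKEY (RFC 7929) and SMIMEA
# (RFC 8162): SHA2-256 of the local-part, truncated to 28 octets, lowercase
# hex, placed under _openpgpkey / _smimecert in the address's domain.
def dane_owner_name(address: str, rrtype_label: str) -> str:
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # The local-part is hashed exactly as given (no case folding), since
    # mailbox names may be case-sensitive; the domain is case-insensitive.
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()
    return f"{digest[:28].hex()}.{rrtype_label}.{domain.lower()}"

def smimea_owner_name(address: str) -> str:
    return dane_owner_name(address, "_smimecert")

def openpgpkey_owner_name(address: str) -> str:
    return dane_owner_name(address, "_openpgpkey")

@dataclass(frozen=True)
class SmimeaRecord:
    usage: int     # 0..3 as for TLSA; 3 = DANE-EE, trust this key directly
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo only
    matching: int  # 0 = exact data, 1 = SHA2-256, 2 = SHA2-512 of selected data
    data: bytes

def parse_smimea_rdata(text: str) -> SmimeaRecord:
    """Parse presentation-format RDATA: "usage selector matching hexdata"."""
    fields = text.split(None, 3)
    if len(fields) != 4:
        raise ValueError("SMIMEA RDATA needs four fields")
    usage, selector, matching = (int(f) for f in fields[:3])
    if usage not in range(4) or selector not in range(2) or matching not in range(3):
        raise ValueError("usage/selector/matching out of range")
    data = bytes.fromhex("".join(fields[3].split()))
    if (matching == 1 and len(data) != 32) or (matching == 2 and len(data) != 64):
        raise ValueError("association data length does not fit the matching type")
    return SmimeaRecord(usage, selector, matching, data)

def rdata_is_valid(text: str) -> bool:
    try:
        parse_smimea_rdata(text)
        return True
    except ValueError:  # int(), fromhex() and our own checks all raise this
        return False

if __name__ == "__main__":
    # Constructed sample: DANE-EE, SPKI, SHA2-256 record for hugh@example.com.
    print(smimea_owner_name("hugh@example.com"))
    print(parse_smimea_rdata("3 1 1 " + "ab" * 32))
```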