IETF Logo Mail Archive

Re: [saag] post-X509 cryptographic identities

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 11 February 2020 23:52 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1849012004C for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 15:52:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.5
X-Spam-Level: **
X-Spam-Status: No, score=2.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VvfwpV27GzVn for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 15:52:52 -0800 (PST)
Received: from relay.sandelman.ca (minerva.sandelman.ca [IPv6:2a01:7e00::3d:b000]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 324E412006D for <saag@ietf.org>; Tue, 11 Feb 2020 15:52:52 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [46.183.103.8]) by relay.sandelman.ca (Postfix) with ESMTPS id EAB871F459 for <saag@ietf.org>; Tue, 11 Feb 2020 23:52:49 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id C3EFA1A26AD; Wed, 12 Feb 2020 00:52:48 +0100 (CET)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: saag@ietf.org
In-reply-to: <db922345-12f5-33f6-2d85-01e858078ad7@cs.tcd.ie>
References: <157762745765.1150.7880025422884493076@ietfa.amsl.com> <2C5DFA70-AD0E-4139-B28E-2D4EDB6E5409@sinodun.com> <46BDE9EB-6306-4194-AFFA-7E9E6604765F@sinodun.com> <825b8c8e-7ee9-9276-d09e-9c006acf3804@ericsson.com> <CABcZeBOzJ2MRS8deZqN+e-o9tFDwgSrYK3_hmV-0pfO+L9oaVw@mail.gmail.com> <53c87d6b-cad1-3a80-291d-e2a896705da5@ericsson.com> <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku> <db922345-12f5-33f6-2d85-01e858078ad7@cs.tcd.ie>
Comments: In-reply-to Stephen Farrell <stephen.farrell@cs.tcd.ie> message dated "Tue, 11 Feb 2020 21:05:50 +0000."
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.2.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 12 Feb 2020 00:52:48 +0100
Message-ID: <17390.1581465168@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/JZKW7KcLnyLNClFGKiYfAzsswqQ>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2020 23:52:54 -0000

Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
    > As a quote of mine seems to have started this...

:-)

    > On 11/02/2020 10:55, Michael Richardson wrote:
    >>
    >> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote in a IETF-last call thread:
    >> > Anyway overall I take this as more evidence that
    >> > x.509-based pki has outlived it's useful lifetime.
    >> > Given the webpki needs CT (which it totally does)
    >> > and now maybe novel revocation mechanisms like this,
    >> > (as well as soon-to-be PQ schemes if we believe
    >> > what people tell us), I'd argue it may well be time
    >> > to try see if there's any consensus on a post-x.509
    >> > direction towards which to head.
    >>
    >> I agree with you strongly.

    > Great.

    > Unfortunately for me, I figure I disagree with the
    > direction of almost all the discussion in the rest
    > of this thread so far;-)

A bunch of people went into solution space without stopping to ask what went
well, and what didn't go well.

    > For me, I'd be interested in starting with a much
    > less ambitious goal, e.g. perhaps how to integrate
    > PQ algs into TLS and SSH without x.509, or maybe
    > whether we could do even better than ESNI inside
    > HTTPSSVC, or maybe if there's a way to unify smime
    > and pgp via new key packaging (that MUA folks would
    > accept). Or other relatively modest but still quite
    > hard things like those.

Those are interesting things; challenging to do without some lead people who
write MUAs.

would https://datatracker.ietf.org/doc/draft-birkholz-core-coid/ fit into
your idea?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email