IETF Logo Mail Archive

Re: [saag] post-X509 cryptographic identities

Nico Williams <nico@cryptonector.com> Tue, 11 February 2020 16:57 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADF0B120164 for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 08:57:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tf_u8q1R0Ovz for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 08:57:29 -0800 (PST)
Received: from crocodile.birch.relay.mailchannels.net (crocodile.birch.relay.mailchannels.net [23.83.209.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73E32120802 for <saag@ietf.org>; Tue, 11 Feb 2020 08:57:29 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id C108721DD0; Tue, 11 Feb 2020 16:57:27 +0000 (UTC)
Received: from pdx1-sub0-mail-a89.g.dreamhost.com (100-96-215-16.trex.outbound.svc.cluster.local [100.96.215.16]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 048C821AC4; Tue, 11 Feb 2020 16:57:27 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a89.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.5); Tue, 11 Feb 2020 16:57:27 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Company-Gusty: 692941c75d54f92f_1581440247457_2057919622
X-MC-Loop-Signature: 1581440247457:2067147454
X-MC-Ingress-Time: 1581440247457
Received: from pdx1-sub0-mail-a89.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a89.g.dreamhost.com (Postfix) with ESMTP id B23277E5F9; Tue, 11 Feb 2020 08:57:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=Bbp9Q9qbcxKCrq e2Wh5glemLXr8=; b=IgvFwWP9WSFRVf1XYbT6syimCGyhr7C7ESVCU/V7K9neCg YOXWjW4Q1vWwkkcTotxGU9OtFlN27wbi0wjgMRMC7UkqbMlDkn7eopb45quONpvP CfyrQ5u1bhlM1zxjriIYt8YZOOroGYwGNnOCzHafn7D5ebRF69HvxJQBHSX9w=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a89.g.dreamhost.com (Postfix) with ESMTPSA id 39C797E610; Tue, 11 Feb 2020 08:57:23 -0800 (PST)
Date: Tue, 11 Feb 2020 10:57:21 -0600
X-DH-BACKEND: pdx1-sub0-mail-a89
From: Nico Williams <nico@cryptonector.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, saag@ietf.org
Message-ID: <20200211165720.GH18021@localhost>
References: <157762745765.1150.7880025422884493076@ietfa.amsl.com> <2C5DFA70-AD0E-4139-B28E-2D4EDB6E5409@sinodun.com> <46BDE9EB-6306-4194-AFFA-7E9E6604765F@sinodun.com> <825b8c8e-7ee9-9276-d09e-9c006acf3804@ericsson.com> <CABcZeBOzJ2MRS8deZqN+e-o9tFDwgSrYK3_hmV-0pfO+L9oaVw@mail.gmail.com> <53c87d6b-cad1-3a80-291d-e2a896705da5@ericsson.com> <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <26497.1581418516@dooku>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrieefgdekjecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfhggtggujggfsehttdertddtredvnecuhfhrohhmpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqnecukfhppedvgedrvdekrddutdekrddukeefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmohguvgepshhmthhppdhhvghloheplhhotggrlhhhohhsthdpihhnvghtpedvgedrvdekrddutdekrddukeefpdhrvghtuhhrnhdqphgrthhhpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqpdhmrghilhhfrhhomhepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhdpnhhrtghpthhtohepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomh
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/L8DILBrEl9VwYKg0eMfMla_QVvM>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2020 16:57:32 -0000

On Tue, Feb 11, 2020 at 11:55:16AM +0100, Michael Richardson wrote:
> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote in a IETF-last call thread:
>     > Anyway overall I take this as more evidence that
>     > x.509-based pki has outlived it's useful lifetime.
>     > Given the webpki needs CT (which it totally does)
>     > and now maybe novel revocation mechanisms like this,
>     > (as well as soon-to-be PQ schemes if we believe
>     > what people tell us), I'd argue it may well be time
>     > to try see if there's any consensus on a post-x.509
>     > direction towards which to head.
> 
> I agree with you strongly.
> A centralized, single CRL from the single global PKI was certainly among the
> original ideas envisioned.
> Then we decentralized the PKI, add CT and added OCSP.
> 
> Now we are unifying again :-)
> Mozilla could, for instance, create a new higher-level CA, sign all of the
> existing trust anchors they ship, and effectively be back at X509.

The worst thing about x.509/PKIX was x.500 naming, and that's
essentially fixed by using appropriate SANs.  Sure, it's still awful
ugly on the inside, but the naming on the outside is now OK.

That leaves only one lasting bad thing about x.509/PKIX: revocation, and
the answers to that we already know and have and would implement for
PKIX as much as for any PK-based replacement.  Short-lived credentials,
CT, a real root (see below) -- these are things we know to do.

I wouldn't throw the baby out with the bathwater.

However, if we must, then naming is the first thing to get right.
Naming is where the crypto rubber meets the UI/UX road.

And can I refrain from mentioning that DNSSEC is the _only_ true rooted
PKI we've ever managed to deploy?  Evidently I can't.

Nico
--

v2.23.0 | Report a Bug | By Email