IETF Logo Mail Archive

Re: [saag] post-X509 cryptographic identities

Nico Williams <nico@cryptonector.com> Mon, 17 February 2020 15:54 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45CF0120858 for <saag@ietfa.amsl.com>; Mon, 17 Feb 2020 07:54:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xQcFqoAMggCw for <saag@ietfa.amsl.com>; Mon, 17 Feb 2020 07:54:27 -0800 (PST)
Received: from giraffe.ash.relay.mailchannels.net (giraffe.ash.relay.mailchannels.net [23.83.222.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E254B120086 for <saag@ietf.org>; Mon, 17 Feb 2020 07:54:23 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id F420E4008A1; Mon, 17 Feb 2020 15:54:18 +0000 (UTC)
Received: from pdx1-sub0-mail-a47.g.dreamhost.com (100-96-13-15.trex.outbound.svc.cluster.local [100.96.13.15]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 4AA86400F70; Mon, 17 Feb 2020 15:54:18 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a47.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.5); Mon, 17 Feb 2020 15:54:18 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Hook-Shrill: 0c09aa0a516bfd36_1581954858760_3597458300
X-MC-Loop-Signature: 1581954858760:4028169800
X-MC-Ingress-Time: 1581954858760
Received: from pdx1-sub0-mail-a47.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a47.g.dreamhost.com (Postfix) with ESMTP id 9EE7783504; Mon, 17 Feb 2020 07:54:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=rfHG0z1nQ/eU/Q /376PG/JDNBFo=; b=qPyq5ViLt0Ah+deUDXP7W1kEhlVVfxuP2T6LCVYMkhk9xi BIXq9VUjjbPtdVm+MSGl+RFMW3ve0v/dX2ewDmyIMOhKZfEynWaMzhF2A4IS6SCl /T4apWQ5miLoJ+G9uwRt4Q0s2lpLbFLtBzLyKIfpIG3z0RCCjYinHXB+Gutnk=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a47.g.dreamhost.com (Postfix) with ESMTPSA id 9F6B483501; Mon, 17 Feb 2020 07:54:16 -0800 (PST)
Date: Mon, 17 Feb 2020 09:54:13 -0600
X-DH-BACKEND: pdx1-sub0-mail-a47
From: Nico Williams <nico@cryptonector.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: saag@ietf.org
Message-ID: <20200217155412.GC18021@localhost>
References: <ac360994-e747-6913-fdc3-19b7db2e00c3@netmagic.com> <3854.1581431519@dooku> <20200213174617.GQ18021@localhost> <18044.1581688781@dooku> <20200214203306.GW18021@localhost> <3586.1581771453@dooku> <20200215184827.GB18021@localhost> <3459.1581938558@dooku>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <3459.1581938558@dooku>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: 0
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrjeeigdekvdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhm
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/MbuarCfzwJVR4rG3br8BIyHRYuQ>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2020 15:54:30 -0000

On Mon, Feb 17, 2020 at 12:22:38PM +0100, Michael Richardson wrote:
> Nico Williams <nico@cryptonector.com> wrote:
>     > Sounds like a matter definitions.
> 
> It's not.  It's critically important.
> PKIX has no way to name another trust anchor/namespace from within your
> current trust anchor/namespace.
> 
> X509 was architected on the "There shall be only one" principal, and
> all the patching we've had to do (from path name constraints to CT) is to
> deal the fact that this is not how things worked out.
> [In a strict hierarchal, top-down, PKI, I think a subservient CA would only
> ever be able to extend the DN, never change it. That is, constrained would
> have been implied]

I'm skeptical.  Extensions could have been added for dealing with this.

PKIX is extensible.  Protocols that use PKIX (e.g., TLS) are generally
extensible as well.

>     > Out of curiosity, why couldn't that have been done with PKIX?
> 
> Of course, you can write any ASN.1 you want, and you can encode SPKI
> concepts in ASN.1, but it wasn't done.

Aha!  :)

_Sometimes_ shoehorning a new thing into an existing system is a decent
recipe for success.

>     >> > (A relying party might need to change root trust anchors when
>     >> > traveling if they are forced to or want to change roots.)
>     >> 
>     >> Yes, possibly.  It's definitely an open question, and there is a
>     >> tussle there.
> 
>     > Sure.  At worst the traveler's origin country and destination might
>     > have conflicting requirements and even great firewalls.
> 
> So, just like with Netflix: do I get the access of the geo-location of my
> credit card, or the geolocation of my device?  Today, in Berlin, I can watch
> Big Bang Theory and Dr.Who on netflix (both licensed in Canada to Bell),
> while I can't watch Elementary [on Prime].

Exactly.

I don't relish a balkanized Internet, but I accept that national
sovereignty implies that has to be a possibility, and, in some cases
and places, a current reality.

I don't think DNS/DNSSEC/PKIX preclude that.  No, indeed, they do not.

But this thread has elucidated -for me- something important: it's
important to be able to name things in smaller-than-universal
namespaces, and it's important to be able to identify those namespaces
and their trust anchors.  DNS/DNSSEC almost by definition cannot provide
a solution for smaller-than-universal namespaces, but I don't see why
PKIX with appropriate extensions couldn't.  After all, WebPKI violates
PKIX's definitions, so other things too could reuse parts of PKIX and
change its semantics somewhat too.  Reusing and adapting PKIX is a
matter of taste, code reuse (or code non-reuse, even), and such
considerations.

Nico
--

v2.23.0 | Report a Bug | By Email