IETF Logo Mail Archive

Re: [saag] Direct trust between users

Nico Williams <nico@cryptonector.com> Wed, 24 April 2019 18:26 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41F4B120100 for <saag@ietfa.amsl.com>; Wed, 24 Apr 2019 11:26:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SOa4u9j-hCvS for <saag@ietfa.amsl.com>; Wed, 24 Apr 2019 11:26:52 -0700 (PDT)
Received: from quail.birch.relay.mailchannels.net (quail.birch.relay.mailchannels.net [23.83.209.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F24B3120126 for <saag@ietf.org>; Wed, 24 Apr 2019 11:26:51 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id BA68C141CBF; Wed, 24 Apr 2019 18:26:50 +0000 (UTC)
Received: from pdx1-sub0-mail-a82.g.dreamhost.com (100-96-12-146.trex.outbound.svc.cluster.local [100.96.12.146]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id EBA23142B8D; Wed, 24 Apr 2019 18:26:49 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a82.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Wed, 24 Apr 2019 18:26:50 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Eyes-Stretch: 6510e1384a10a6c1_1556130410415_3697750952
X-MC-Loop-Signature: 1556130410415:1549506737
X-MC-Ingress-Time: 1556130410414
Received: from pdx1-sub0-mail-a82.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a82.g.dreamhost.com (Postfix) with ESMTP id 269557FE9E; Wed, 24 Apr 2019 11:26:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=mvADs1VtcODK20 YMl4/BcTm5d7k=; b=s7AVJbIKRrDnU1S4LsGjdBy5GgqQyfFPS8UYBtRmpSyShX G7iIE048+UTQ/GE/1adMOMJCBBlOrrDrbmf9K79r0/iZTUcwxNmZj0bjFlBNdJVY r/aDjeHPXQe/xkrHoAKlA9F5QbMcmTCS8LbWm6+Z4zpfY/KFiRf4ggleo3PRw=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a82.g.dreamhost.com (Postfix) with ESMTPSA id DDAB77FE9F; Wed, 24 Apr 2019 11:26:44 -0700 (PDT)
Date: Wed, 24 Apr 2019 13:26:42 -0500
X-DH-BACKEND: pdx1-sub0-mail-a82
From: Nico Williams <nico@cryptonector.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: IETF SAAG <saag@ietf.org>
Message-ID: <20190424182641.GL3137@localhost>
References: <CAMm+LwheS8mP8guk4++VNSfcp19kqcOZLxCHaV0=F02xyc7Aow@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAMm+LwheS8mP8guk4++VNSfcp19kqcOZLxCHaV0=F02xyc7Aow@mail.gmail.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduuddrhedvgddvudcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfhggtggujggfsehttdertddtredvnecuhfhrohhmpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqnecukfhppedvgedrvdekrddutdekrddukeefnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/N05TGvuE-rvGsd5i5CRJDvy02jw>
Subject: Re: [saag] Direct trust between users
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 18:26:54 -0000

On Wed, Apr 24, 2019 at 01:56:40PM -0400, Phillip Hallam-Baker wrote:
> So we have an assertion that my public key is MC23-... dated 2019-Jul-18.
> It would have cost $1000 to forge that assertion before that date and
> $infinity to forge afterwards.

ISTM that it's $1000 (or whatever) the first and _every_ time.  That's
because the blockchain will have to support the "help, I've lost my one
and only device!" or "help, I've lost all my devices!" cases.

E.g., you're on a plane that lands on the Hudson river and you have to
leave everything behind, including your laptop, tablet, and phone, and
you're thousands of miles away from your desktop device or backups.
Now, you could just cancel everything and fly home (after drying up
anyways), but this may be very costly in time and money so you probably
won't want to.

> So why might we want to do key signing at IETFs?
> 
> Well we write code and some of that code ends up on GitHub and makes its
> way into software used in the wild. So credentialling IETF-ers would be
> pretty useful. Credentialling the Linux Plumbers etc. is probably even more
> useful. Probably a good thing if we could do something at Black Hat or RSA.
> 
> We could probably deliver a real improvement in the robustness of the
> Internet software development ecosystem if we produced a system serving
> 10,000 or so users and was never used by outside that community.

I agree with this.

> So how might it work?
> 
> I have done a few sketches but I haven't come to a firm conclusion on how
> to realize the crypto yet.

It's a PGP-alike with a blockchain and with keyservers that participate
in the blockchain, and a few very popular people (or conferences, or
even large corporations) who act as notable notaries.  Without a work
factor this is a like like a distributed Merkle hash tree.

> The simplest user experience to implement would be to have an app for
> mobile devices that can be used to scan a dynamic QR code presented on a
> screen near the registration desk. This would provide the necessary crypto
> info to complete the key signing.

We're assuming trusted devices, but we practically have to anyways, so,
sure.

> We could go further and make it so that scanning the QR code tells the
> attendee which line to join and causes the registration staff to be told
> which badges to find next. The registration staff could then check
> government issued ID, hand over the badge and tell the system the ID
> matched.

The ID check is not going to be that good.  As with PGP, having
something of a key signing party where people who know you vouch for you
(and vice-versa) seems better.  This is where a notion of security level
starts creeping in: do I trust the IETF registrar more than I trust an
IETF participant I've known for decades?  If I do take the registrar's
say-so at face value and have N>100 interactions with you where I have
every reason to think it's you every time, does the security level go
up, and do I get to say that or does it happen automatically?

Nico
--

v2.23.0 | Report a Bug | By Email