Re: [saag] post-X509 cryptographic identities

Tony Rutkowski <trutkowski.netmagic@gmail.com> Tue, 11 February 2020 15:30 UTC


Hi Derek,

The market was a minor factor.  PKI invokes more legal and public policy 
considerations than probably any other electronic communication sector.  
It emerged as a governmental platform for trusted identity management 
and was pursued in intergovernmental bodies with links into treaty 
instruments.

The ILPF very quickly came to focus almost exclusively on PKI in work 
led by Stewart Baker who had just left as NSA's GC. Verisign's early 
hire was Michael Baum who as Vice President of Practices and External 
Affairs, helped enable the marketplace by dealing with legal issues, and 
played a major role in getting PKI accepted worldwide. (Acknowledgement: 
I was also a VeriSign VP and a lawyer.)

PKI is a fundamental part of the EU's regional security strategy, as it 
is in most nations.  PKI implementations also dramatically shape 
marketplace competition - a subject now of rather intense scrutiny on 
both sides of the pond - and culpability extends both to individuals and 
standards bodies.

--tony

On 2020-02-11 9:40 AM, Derek Atkins wrote:
> On Tue, February 11, 2020 9:26 am, Michael Richardson wrote:
>> Derek Atkins <derek@ihtfp.com> wrote:
> [snip]
>>      > Should this document also include the history of other PKIs, such as
>>      > SPKI and/or OpenPGP's WoT?  I think it would be interesting to put an
>>      > historical contrast on the visions behind the various methods/standards
>>      > and perhaps try to document the reasons (if possible) that "market
>>      > forces" took us in one direction vs another.
>>
>> Yes, I think that it has to.
>>
>> Each evolved either as a response to X509.  Restating 2692/2693 or the design
>> requirements for OpenPGP is not called for; distilling what criticisms were in
>> common and why SPKI did not fly is important.  And is there something
>> technical wrong with OpenPGP, or are we dealing with implementation issues?
> My personal opinion is that it was neither a technical issue nor an
> implementation issue that caused the market to choose X509 vs OpenPGP, but
> rather a philosophical issue (or perhaps business-money-making choices).
>
> On the other hand, if we're going to rehash the design requirements for
> X.509, I think it makes sense to also rehash the differences in
> requirements for SPKI and OpenPGP (and maybe even DNSSec).  Specifically,
> it's important to discuss how they differed, but also in what ways they
> overlapped.  I do agree we don't need to go into the full history of all
> of them (including X.509).
>
> Again, this is just my opinion from someone who was deep in the trenches
> back in the 1990s.
>
> -derek
>