Re: [saag] post-X509 cryptographic identities
Tony Rutkowski <trutkowski.netmagic@gmail.com> Tue, 11 February 2020 15:30 UTC
To: Derek Atkins <derek@ihtfp.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Cc: saag@ietf.org
Organization: Netmagic Associates LLC
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/TV5raY7KaZHMUn7shH5v1yL7Tww>

Hi Derek,

The market was a minor factor. PKI invokes more legal and public policy considerations than probably any other electronic communication sector. It emerged as a governmental platform for trusted identity management and was pursued in intergovernmental bodies with links into treaty instruments.

The ILPF very quickly came to focus almost exclusively on PKI in work led by Stewart Baker, who had just left as NSA's GC. VeriSign's early hire was Michael Baum, who as Vice President of Practices and External Affairs helped enable the marketplace by dealing with legal issues, and played a major role in getting PKI accepted worldwide. (Acknowledgement: I was also a VeriSign VP and a lawyer.)

PKI is a fundamental part of the EU's regional security strategy, as it is in most nations. PKI implementations also dramatically shape marketplace competition - a subject now of rather intense scrutiny on both sides of the pond - and culpability extends both to individuals and standards bodies.

--tony

On 2020-02-11 9:40 AM, Derek Atkins wrote:
> On Tue, February 11, 2020 9:26 am, Michael Richardson wrote:
>> Derek Atkins <derek@ihtfp.com> wrote:
> [snip]
>> > Should this document also include the history of other PKIs, such as SPKI
>> > and/or OpenPGP's WoT? I think it would be interesting to put an
>> > historical contrast on the visions behind the various methods/standards
>> > and perhaps try to document the reasons (if possible) that "market forces"
>> > took us in one direction vs another.
>>
>> Yes, I think that it has to.
>>
>> Each evolved either as a response to X509. Restating 2692/2693 or the design
>> requirements for OpenPGP is not called for; distilling what criticism were in
>> common and why SPKI did not fly is important. And is there something
>> technical wrong with OpenPGP, or are we dealing with implementation
>> issues?
>
> My personal opinion is that it was neither a technical issue nor an
> implementation issue that caused the market to choose X509 vs OpenPGP, but
> rather a philosophical issue (or perhaps business-money-making choices).
>
> On the other hand, if we're going to rehash the design requirements for
> X.509, I think it makes sense to also rehash the differences in
> requirements for SPKI and OpenPGP (and maybe even DNSSec). Specifically,
> it's important to discuss how they differed, but also in what ways they
> overlapped. I do agree we don't need to go into the full history of all
> of them (including X.509).
>
> Again, this is just my opinion from someone who was deep in the trenches
> back in the 1990s.
>
> -derek