IETF Logo Mail Archive

Re: [saag] post-X509 cryptographic identities

"Derek Atkins" <derek@ihtfp.com> Tue, 11 February 2020 13:30 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F38A01200E7 for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 05:30:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MkOpUUFmHLPV for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 05:30:41 -0800 (PST)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41B85120127 for <saag@ietf.org>; Tue, 11 Feb 2020 05:30:41 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 19006E203F; Tue, 11 Feb 2020 08:30:40 -0500 (EST)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 20334-08; Tue, 11 Feb 2020 08:30:39 -0500 (EST)
Received: by mail2.ihtfp.org (Postfix, from userid 48) id 0D4B3E2040; Tue, 11 Feb 2020 08:30:39 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1581427839; bh=Cng0ZDoY3BAFa6w3uDNbYELVoRx6CGA66qvYHDPWq08=; h=In-Reply-To:References:Date:Subject:From:To:Cc; b=PDPR+G2f4IqPAsshkhrbMZ1kimBVnw73BaFVGq7p9L5WmmfEH34vtBnbyaFwOxsIT xaGdHBFijf8YC1wPOrQsfQxparStJ8O50YRMoh/vpuMVIoppVwyjIDyoGI88wWuigB N1ZOC8rYPEDWKzQC123Z0w2diwl/UpGvFw0UGdZo=
Received: from 192.168.2.67 (SquirrelMail authenticated user warlord) by mail2.ihtfp.org with HTTP; Tue, 11 Feb 2020 08:30:39 -0500
Message-ID: <8ccb201a00d4e693c882225170ca424f.squirrel@mail2.ihtfp.org>
In-Reply-To: <26497.1581418516@dooku>
References: <157762745765.1150.7880025422884493076@ietfa.amsl.com> <2C5DFA70-AD0E-4139-B28E-2D4EDB6E5409@sinodun.com> <46BDE9EB-6306-4194-AFFA-7E9E6604765F@sinodun.com> <825b8c8e-7ee9-9276-d09e-9c006acf3804@ericsson.com> <CABcZeBOzJ2MRS8deZqN+e-o9tFDwgSrYK3_hmV-0pfO+L9oaVw@mail.gmail.com> <53c87d6b-cad1-3a80-291d-e2a896705da5@ericsson.com> <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku>
Date: Tue, 11 Feb 2020 08:30:39 -0500
From: Derek Atkins <derek@ihtfp.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, saag@ietf.org
User-Agent: SquirrelMail/1.4.22-14.fc20
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Z0-6kL_yYuPTHSRASGeS64S51a0>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2020 13:30:43 -0000

On Tue, February 11, 2020 5:55 am, Michael Richardson wrote:
>
[snip]
> I think that the document would say a series of things:
>   The designers of X500/X509 intended X, but it turned out that this
>   did not happen, and instead PKIX did Y.
>
> (One could substitute X=DN, Y=SAN for instance)
>
> I think that it is important for any new identity system to recognize what
> forces pushed us away from the original vision.
> We made engineering tradeoffs based upon time, code, bandwidth,
> round-trips
> and threats.   Not every such decision is still justified.
>
> So this requirements document would essentially be some kind of loving
> criticism.

Should this document also include the history of other PKIs, such as SPKI
and/or OpenPGP's WoT?  I think it would be interesting to put an
historical contrast on the visions behind the various methods/standards
and perhaps try to document the reasons (if possible) that "market forces"
took us in one direction vs another.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

v2.23.0 | Report a Bug | By Email