Re: [saag] On PKI vs. Pinning (SAAG 108 preview)

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 29 July 2020 00:58 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Carsten Bormann <cabo@tzi.org>, Benjamin Kaduk <kaduk@mit.edu>
CC: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] On PKI vs. Pinning (SAAG 108 preview)
Thread-Index: AQHWZRNEwnqe/1JfAUmje3SMFOnuNqkcq78AgAEQ0N0=
Date: Wed, 29 Jul 2020 00:58:45 +0000
Message-ID: <1595984326876.94034@cs.auckland.ac.nz>
References: <20200728191331.GV41010@kduck.mit.edu>, <E932C526-5A5C-4969-B806-213910693F18@tzi.org>
In-Reply-To: <E932C526-5A5C-4969-B806-213910693F18@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/_dedHWnCQJNHP4XB9elVRxRYg8o>

Carsten Bormann <cabo@tzi.org> writes:

>PKI = the set of root CAs is determined by one of an oligopoly of entities,
>based on CA/Browser Forum operations, where the entities aren’t really
>justifiable parties to the application?

While that's an accurate definition (if you substitute "WebPKI" for "PKI",
although for most of the world the two are the same anyway), good luck getting
anyone to admit that in a document :-).

Peter.