Re: [saag] post-X509 cryptographic identities

Nico Williams <nico@cryptonector.com> Tue, 11 February 2020 17:19 UTC

Date: Tue, 11 Feb 2020 11:19:29 -0600
From: Nico Williams <nico@cryptonector.com>
To: trutkowski@netmagic.com
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, saag@ietf.org
Message-ID: <20200211171927.GJ18021@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/m0R13XohsP0YHuy84Y9HhrbNoLQ>
List-Id: Security Area Advisory Group <saag.ietf.org>

On Tue, Feb 11, 2020 at 12:08:06PM -0500, Tony Rutkowski wrote:
> Does the OID namespace qualify as true rooted?  Ref.
> http://www.oid-info.com/introduction.htm

Yes, but it's not a user-friendly naming scheme, and it has no PK, so
"no", not in the sense we're discussing here.

DNS, which is very similar, does qualify because a) DNS has a
user-friendly naming scheme (or at least users are all quite used to it
by now!) and b) DNS does have a PKI (DNSSEC).

Nico
--