Re: [saag] post-X509 cryptographic identities

Nico Williams <nico@cryptonector.com> Thu, 13 February 2020 17:13 UTC

Date: Thu, 13 Feb 2020 11:13:25 -0600
From: Nico Williams <nico@cryptonector.com>
To: Tony Finch <dot@dotat.at>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, saag@ietf.org
Message-ID: <20200213171324.GP18021@localhost>
References: <2C5DFA70-AD0E-4139-B28E-2D4EDB6E5409@sinodun.com> <46BDE9EB-6306-4194-AFFA-7E9E6604765F@sinodun.com> <825b8c8e-7ee9-9276-d09e-9c006acf3804@ericsson.com> <CABcZeBOzJ2MRS8deZqN+e-o9tFDwgSrYK3_hmV-0pfO+L9oaVw@mail.gmail.com> <53c87d6b-cad1-3a80-291d-e2a896705da5@ericsson.com> <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku> <20200212002125.GO18021@localhost> <alpine.DEB.2.20.2002131443470.25433@grey.csi.cam.ac.uk>
In-Reply-To: <alpine.DEB.2.20.2002131443470.25433@grey.csi.cam.ac.uk>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/pM2PQ19h6U0mTDSqrd4iJi2QwLE>
Subject: Re: [saag] post-X509 cryptographic identities

On Thu, Feb 13, 2020 at 02:51:01PM +0000, Tony Finch wrote:
> Nico Williams <nico@cryptonector.com> wrote:
> > Can we move past domainnames?  Maybe.  What is realistic?
> >
> > One possibility is to do everything via smartphone apps, with app store
> > operators acting as curators.  Naming would still be about (trade)marks
> > (including icons, at least for those who are not sight-impaired), but we
> > might get past domainnames.  Who wants such a world?
> 
> When I wonder about this kind of thing, I try to think about the
> practicalities: would the OS vendors want to run registries for hundreds
> of millions of names themselves, or would they prefer to outsource it?

That's the gist, isn't it.  Registries.  Authorities.  Ultimately a tie
to legal dispute resolution mechanisms.  Messy stuff.

DNS was a worldwide revolution in naming affairs by creating a scalable,
global registration and authority system to go with a scalable
resolution system.

(From a UI perspective, DNS is just an evolution: before we had names,
after we had names.)

DNS and the Internet created realities on the ground that sovereign
entities had to recognize.  That seems likely to have been an accident
of DNS stepping into a vacuum.  Now that the vacuum has been filled, any
replacement may well require significantly more willpower to establish.

> Would the setup be something like certification authorities? How would
> the namespace relate to the market structure: would they be parallel
> like the DNS, or unrelated like WebPKI? Would we end up with something
> like the CA/B forum, except also responsible for the top-level of the
> namespace, and thus effectively performing the same function as ICANN?

Yes, any future revolution in naming will have to deal with registries,
and will have to deal with sovereign entities.

Nico
--