Re: [saag] Direct trust between users
Nico Williams <nico@cryptonector.com> Thu, 25 April 2019 21:28 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 687AC120092 for <saag@ietfa.amsl.com>; Thu, 25 Apr 2019 14:28:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nJD8WVRAgTsl for <saag@ietfa.amsl.com>; Thu, 25 Apr 2019 14:28:47 -0700 (PDT)
Received: from goldenrod.birch.relay.mailchannels.net (goldenrod.birch.relay.mailchannels.net [23.83.209.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BF17120025 for <saag@ietf.org>; Thu, 25 Apr 2019 14:28:47 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 0CC9D5C498F; Thu, 25 Apr 2019 21:28:46 +0000 (UTC)
Received: from pdx1-sub0-mail-a22.g.dreamhost.com (unknown [100.96.11.48]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 95C255C4F79; Thu, 25 Apr 2019 21:28:45 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a22.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Thu, 25 Apr 2019 21:28:46 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Versed-Little: 1ad5c9ed1cc67ccd_1556227725844_1915684158
X-MC-Loop-Signature: 1556227725844:2349157656
X-MC-Ingress-Time: 1556227725843
Received: from pdx1-sub0-mail-a22.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a22.g.dreamhost.com (Postfix) with ESMTP id 3A18C825D8; Thu, 25 Apr 2019 14:28:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=CbmpQsMG2YV+Cu q/MSPee9s2hSA=; b=N25Kby2lQIPFL83xS4CXyOhgOJlUWksTIxPwAvyPv62qJb IxDexsv41IJTyKpK/b8c4lgYmtedfQT7V2T/BPNnLzgBn+zQea5dYO6TdFQNdlfE vrAmfsSrncJv/kgdakrCwfx9XKs2XUMi3fSPwLHuhV9rMIscKBUm6prBsCnGk=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a22.g.dreamhost.com (Postfix) with ESMTPSA id 2A62C825D6; Thu, 25 Apr 2019 14:28:42 -0700 (PDT)
Date: Thu, 25 Apr 2019 16:28:40 -0500
X-DH-BACKEND: pdx1-sub0-mail-a22
From: Nico Williams <nico@cryptonector.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, IETF SAAG <saag@ietf.org>
Message-ID: <20190425212839.GW3137@localhost>
References: <CAMm+LwheS8mP8guk4++VNSfcp19kqcOZLxCHaV0=F02xyc7Aow@mail.gmail.com> <20190424182641.GL3137@localhost> <CAMm+LwjAPOf9eW9kpHfh=4MmSYLciHBJ4g2Kr32bkejpsdf3Xw@mail.gmail.com> <20190424233338.GP3137@localhost> <16119.1556207291@dooku.sandelman.ca> <CAMm+Lwji0P=o+WzMOTr4ZbYDsiSUvt7evhgz-sPkPxQhdS_6pQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAMm+Lwji0P=o+WzMOTr4ZbYDsiSUvt7evhgz-sPkPxQhdS_6pQ@mail.gmail.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduuddrheeggdduiedvucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucfrrghrrghmpehmohguvgepshhmthhppdhhvghloheplhhotggrlhhhohhsthdpihhnvghtpedvgedrvdekrddutdekrddukeefpdhrvghtuhhrnhdqphgrthhhpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqpdhmrghilhhfrhhomhepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhdpnhhrtghpthhtohepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhenucevlhhushhtvghrufhiiigvpedt
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/pWorid3dFx0VC4mSVuYIa8JDdPs>
Subject: Re: [saag] Direct trust between users
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2019 21:28:49 -0000
On Thu, Apr 25, 2019 at 04:44:15PM -0400, Phillip Hallam-Baker wrote: > On Thu, Apr 25, 2019 at 11:48 AM Michael Richardson <mcr+ietf@sandelman.ca> > wrote: > > Nico Williams <nico@cryptonector.com> wrote: > > > Long long ago I used to imagine the U.S. postal service selling > > > what you might call EV user certificates: after all, there are > > > post offices everywhere and their staff are trained in validating > > > government-issued IDs, often they're even notaries public! I > > > supposed one might even be able to get attribute certs attesting > > > that the holder of the key is, e.g., a citizen, or over 18 years > > > of age. > > > > Canada Post had a key in the browser list for a decade or so, and > > there was some project with Entrust to do something, but I don't > > think it ever happened. > > The US Post office had a series of proposed schemes as well. None of > them ever got anywhere because we poached their staff as fast as they > could train them. > > Every 18 months some political appointee would attempt to start some > information superhighway effort. A team would be staffed up in the > USPO and learn about PKI. About twelve months in, they would be all > nicely trained up and we would show up and offer double their salary > plus stock. Oh. That's the reason? This is the sort of thing that should be setup via a contract with an external party, then this sort of "sabotage" (no offense intended) is much less likely (the external party won't want to be in breach). > > The post-office is unique in that it can get a letter to many people > > within 24h, rather cheaply, and I keep thinking that this is a > > better 2FA (or 3FA) for account recovery. You don't need them to do anything special for that. And note well that the post service generally doesn't know how to contact people -- it depends on the sender to furnish the recipient's address. I.e., the postal service is like a network layer 3, and there is no DNS for it. If the postal service were to sell certificates and also use postal delivery for 2FA, they'd have to know where you live -- "know" in very different sense from "they seem all the letters go by, so they could know where everyone lives". > There is a classical problem called the innovator's dilemma that > actually mitigates against realizing such efficiencies. That and the fact that postal services are generally publicly owned and operated, so there's very little incentive for them to innovate. > > > Upside: you won't need to train their employees in how to validate > > > IDs. > > > Downside: risks being more of a political than business > > > relationship. > > > > Maybe Amazon has the clout with the Post Office to make that happen :-) > > [I say with only half tongue-in-cheek] > > "Alexa, please renew my certificates" > > It could be made to happen. But the way to make it happen would be to > design a system that is capable of > > 1) Solving a very small stand alone problem by itself > 2) Application to problems of arbitrary size. Hmm, because these certificates couldn't be short-lived... the issuer would have to support revocation, and probably record all issued certificate serial numbers and names. Not trivial, though still not very difficult. OTOH, if such certificates are strongly bound to _devices_, then you can push the revocation burden to that layer, and make the issuer O(1) -- that being key to (2). (1) is already met, I think. Nico --
- [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Nico Williams
- Re: [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Nico Williams
- Re: [saag] Direct trust between users Stephen Farrell
- Re: [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Stephen Farrell
- Re: [saag] Direct trust between users Michael Richardson
- Re: [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Nico Williams
- Re: [saag] Direct trust between users Phillip Hallam-Baker
- Re: [saag] Direct trust between users Ben Laurie
- Re: [saag] Direct trust between users Ben Laurie
- Re: [saag] Direct trust between users Phillip Hallam-Baker