Re: [saag] post-X509 cryptographic identities
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 14 February 2020 19:45 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1D73120A99 for <saag@ietfa.amsl.com>; Fri, 14 Feb 2020 11:45:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B2CIQMoY605t for <saag@ietfa.amsl.com>; Fri, 14 Feb 2020 11:45:05 -0800 (PST)
Received: from mail-oi1-f178.google.com (mail-oi1-f178.google.com [209.85.167.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C2A2120B33 for <saag@ietf.org>; Fri, 14 Feb 2020 11:45:05 -0800 (PST)
Received: by mail-oi1-f178.google.com with SMTP id q81so10558625oig.0 for <saag@ietf.org>; Fri, 14 Feb 2020 11:45:05 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=GSJc0b0j/NEdMv0xlLt+8bKE2WFCj++T9ReSD6GwEX0=; b=JwCe9Lz9y0FYM72/uIbZndwtF1fyQvidFeoGjNN/yG+hNxCiyCyVW08mhofIlvF7ls aieHugVz+m1Ole8mgV0WDo5PAPZTAvogacFBmFL/tfzroSUZU5X6bsuCYyduGSD70UYX ooiTgBfHslM2kv6PQq0HeRKTsBGJjQnm8JbkaZHCoY5BZwve66IfIjbisNsnGNudpEdc rCqDOK5085BSzkVq28iE1/jNDryodrmtH2B9uV4/Fploq6Ut/L4sRYYKAg9S67DvFmHH x6eh/h7Sg4td7nUnvgWGyCi+1PN21wIXm2Px8DRo0BlJegHNB4MaIJloPSFl/I2kE9ZS RRHA==
X-Gm-Message-State: APjAAAWbU2E9jbGBJbWYFuBIi1XRpdoBVyFuQAz4I2Kc995o7bWPhLyh KRvZMUU/zlYQiR7k/qT84eEAkvAZvajWjuQiF7xSIPvy
X-Google-Smtp-Source: APXvYqzx2X7x+wL3VhaDfe5mwUnnAJXpW6v+6QThuWhd2g5G7BGg7terOKtS5o81EyJAGyJ7c8HKnFk0EgH+IoM6zVA=
X-Received: by 2002:aca:ccce:: with SMTP id c197mr2897520oig.31.1581709504565; Fri, 14 Feb 2020 11:45:04 -0800 (PST)
MIME-Version: 1.0
References: <26497.1581418516@dooku> <20200212002125.GO18021@localhost> <alpine.DEB.2.20.2002131443470.25433@grey.csi.cam.ac.uk> <20200213171324.GP18021@localhost> <d3d01f1f-5784-da84-1c59-e636d349bd2a@netmagic.com> <20200213175626.GR18021@localhost> <65357327-e2d7-89cc-221e-ed8ac2875048@netmagic.com> <A91F5BD6-BFBA-4BA7-9158-3F41A8F0F7D9@gmail.com> <20200213191952.GS18021@localhost> <9FEBBD2A-3578-436A-92E3-192CADC9FA8B@gmail.com> <20200213205158.GT18021@localhost>
In-Reply-To: <20200213205158.GT18021@localhost>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 14 Feb 2020 14:44:53 -0500
Message-ID: <CAMm+LwhAXWbVL=j3Cek_Sf9eK-aKsQgZ+Gsh55nP3nvur_JSEQ@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002855f4059e8e71ab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/uklS_Foa6ssIOpGP7HAN8aGTNxQ>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2020 19:45:07 -0000
Sorry for the driveby. Due to current circumstances it is difficult for me to read. So I could only take in the first dozen or so posts. The origin of PKIX is to be found in Kohnfelder's Msc thesis at MIT. It describes CAs, CRLs and the directory. It is essentially X.509v1. The big weakness in that work is that the set of constraints it is designed to address no longer exist. Today network connectivity is essentially ubiquitous, back then it was rare. PKI is a combination of three principle elements 1) Structure 2) Ceremony 3) Syntax Naming is a consequence of structure. In X.509, trust flows down from the root node of the directory. PKIX then subverts this entirely by grafting on a completely separate naming structure via SANs. So the X.509 naming infrastructure is essentially inconsequential. The big difference between DNSSEC and PKIX is that in DNSSEC the naming system and the structure of trust are the same. Which is one of the reasons DNSSEC doesn't really meet modern trust needs. SPKI is not quite so dead as people imagine. Brian LaMacchia applied many of the concepts in the Strong Naming infrastructure in .NET. But the approach is ultimately solipsistic. The approach I tried to take in Shen in the 90s and have revisited with the Mesh is to make every individual the apex of their own trust hierarchy. My original hope was we could do something of the sort with PKIX. But X.509 is simply too complex for most organizations to manage let alone individuals. DNSSEC cannot meet my security needs because it insists all trust flows from one point. If I am designing an embedded system, I want to be able to specify the roots of trust. Ceremony is a topic Carl Ellison introduced. If you want to understand the security of the system, you have to understand more than just the protocol and the math. If you want to understand a PGP key signing, you need to understand it as ceremony. IETF has ignored ceremony for too long under the motto 'we don't do UI'. Well you have to do ceremony to do security. So its about time we changed that. I am currently working (or trying to) on a paper on onboarding ceremonies which I hope will show the point. Syntax is the least important part of PKI but it is a part of the puzzle. Why oh why do people think canonicalization is relevant? If you want to be able to verify a signature, you have to keep the original bits that were signed. End of story. That said, XML is better than ASN.1 DER because it isn't completely stupid. JSON is better as a data serialization than XML because it is designed to be a data serialization not a document markup. Requiring elements be presented in a particular order and schema validation are bogus.
- [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Derek Atkins
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Derek Atkins
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Watson Ladd
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Peter Gutmann
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Tony Finch
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Watson Ladd
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Viktor Dukhovni
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Finch
- Re: [saag] post-X509 cryptographic identities Michael Richardson