IETF Logo Mail Archive

Re: [saag] post-X509 cryptographic identities

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 14 February 2020 19:45 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1D73120A99 for <saag@ietfa.amsl.com>; Fri, 14 Feb 2020 11:45:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B2CIQMoY605t for <saag@ietfa.amsl.com>; Fri, 14 Feb 2020 11:45:05 -0800 (PST)
Received: from mail-oi1-f178.google.com (mail-oi1-f178.google.com [209.85.167.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C2A2120B33 for <saag@ietf.org>; Fri, 14 Feb 2020 11:45:05 -0800 (PST)
Received: by mail-oi1-f178.google.com with SMTP id q81so10558625oig.0 for <saag@ietf.org>; Fri, 14 Feb 2020 11:45:05 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=GSJc0b0j/NEdMv0xlLt+8bKE2WFCj++T9ReSD6GwEX0=; b=JwCe9Lz9y0FYM72/uIbZndwtF1fyQvidFeoGjNN/yG+hNxCiyCyVW08mhofIlvF7ls aieHugVz+m1Ole8mgV0WDo5PAPZTAvogacFBmFL/tfzroSUZU5X6bsuCYyduGSD70UYX ooiTgBfHslM2kv6PQq0HeRKTsBGJjQnm8JbkaZHCoY5BZwve66IfIjbisNsnGNudpEdc rCqDOK5085BSzkVq28iE1/jNDryodrmtH2B9uV4/Fploq6Ut/L4sRYYKAg9S67DvFmHH x6eh/h7Sg4td7nUnvgWGyCi+1PN21wIXm2Px8DRo0BlJegHNB4MaIJloPSFl/I2kE9ZS RRHA==
X-Gm-Message-State: APjAAAWbU2E9jbGBJbWYFuBIi1XRpdoBVyFuQAz4I2Kc995o7bWPhLyh KRvZMUU/zlYQiR7k/qT84eEAkvAZvajWjuQiF7xSIPvy
X-Google-Smtp-Source: APXvYqzx2X7x+wL3VhaDfe5mwUnnAJXpW6v+6QThuWhd2g5G7BGg7terOKtS5o81EyJAGyJ7c8HKnFk0EgH+IoM6zVA=
X-Received: by 2002:aca:ccce:: with SMTP id c197mr2897520oig.31.1581709504565; Fri, 14 Feb 2020 11:45:04 -0800 (PST)
MIME-Version: 1.0
References: <26497.1581418516@dooku> <20200212002125.GO18021@localhost> <alpine.DEB.2.20.2002131443470.25433@grey.csi.cam.ac.uk> <20200213171324.GP18021@localhost> <d3d01f1f-5784-da84-1c59-e636d349bd2a@netmagic.com> <20200213175626.GR18021@localhost> <65357327-e2d7-89cc-221e-ed8ac2875048@netmagic.com> <A91F5BD6-BFBA-4BA7-9158-3F41A8F0F7D9@gmail.com> <20200213191952.GS18021@localhost> <9FEBBD2A-3578-436A-92E3-192CADC9FA8B@gmail.com> <20200213205158.GT18021@localhost>
In-Reply-To: <20200213205158.GT18021@localhost>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 14 Feb 2020 14:44:53 -0500
Message-ID: <CAMm+LwhAXWbVL=j3Cek_Sf9eK-aKsQgZ+Gsh55nP3nvur_JSEQ@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002855f4059e8e71ab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/uklS_Foa6ssIOpGP7HAN8aGTNxQ>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2020 19:45:07 -0000

Sorry for the driveby. Due to current circumstances it is difficult for me
to read. So I could only take in the first dozen or so posts.

The origin of PKIX is to be found in Kohnfelder's Msc thesis at MIT. It
describes CAs, CRLs and the directory. It is essentially X.509v1. The big
weakness in that work is that the set of constraints it is designed to
address no longer exist. Today network connectivity is
essentially ubiquitous, back then it was rare.

PKI is a combination of three principle elements

1) Structure
2) Ceremony
3) Syntax

Naming is a consequence of structure. In X.509, trust flows down from the
root node of the directory. PKIX then subverts this entirely by grafting on
a completely separate naming structure via SANs. So the X.509 naming
infrastructure is essentially inconsequential.

The big difference between DNSSEC and PKIX is that in DNSSEC the naming
system and the structure of trust are the same. Which is one of the reasons
DNSSEC doesn't really meet modern trust needs.

SPKI is not quite so dead as people imagine. Brian LaMacchia applied many
of the concepts in the Strong Naming infrastructure in .NET. But the
approach is ultimately solipsistic.

The approach I tried to take in Shen in the 90s and have revisited with the
Mesh is to make every individual the apex of their own trust hierarchy. My
original hope was we could do something of the sort with PKIX. But X.509 is
simply too complex for most organizations to manage let alone individuals.

DNSSEC cannot meet my security needs because it insists all trust flows
from one point. If I am designing an embedded system, I want to be able to
specify the roots of trust.


Ceremony is a topic Carl Ellison introduced. If you want to understand the
security of the system, you have to understand more than just the protocol
and the math. If you want to understand a PGP key signing, you need to
understand it as ceremony.

IETF has ignored ceremony for too long under the motto 'we don't do UI'.
Well you have to do ceremony to do security. So its about time we changed
that. I am currently working (or trying to) on a paper on onboarding
ceremonies which I hope will show the point.


Syntax is the least important part of PKI but it is a part of the puzzle.
Why oh why do people think canonicalization is relevant? If you want to be
able to verify a signature, you have to keep the original bits that were
signed. End of story.

That said, XML is better than ASN.1 DER because it isn't completely stupid.
JSON is better as a data serialization than XML because it is designed to
be a data serialization not a document markup. Requiring elements be
presented in a particular order and schema validation are bogus.

v2.23.0 | Report a Bug | By Email