IETF Logo Mail Archive

Re: [saag] post-X509 cryptographic identities

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 15 February 2020 12:57 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B9B7120045 for <saag@ietfa.amsl.com>; Sat, 15 Feb 2020 04:57:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.5
X-Spam-Level: **
X-Spam-Status: No, score=2.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nKZj8fxr4vi6 for <saag@ietfa.amsl.com>; Sat, 15 Feb 2020 04:57:37 -0800 (PST)
Received: from relay.sandelman.ca (minerva.sandelman.ca [IPv6:2a01:7e00::3d:b000]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFDC612001E for <saag@ietf.org>; Sat, 15 Feb 2020 04:57:36 -0800 (PST)
Received: from dooku.sandelman.ca (ip5f5bd773.dynamic.kabel-deutschland.de [95.91.215.115]) by relay.sandelman.ca (Postfix) with ESMTPS id C3FFE1F459; Sat, 15 Feb 2020 12:57:34 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id D4CC71A2B8E; Sat, 15 Feb 2020 13:57:33 +0100 (CET)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Nico Williams <nico@cryptonector.com>
cc: saag@ietf.org
In-reply-to: <20200214203306.GW18021@localhost>
References: <ac360994-e747-6913-fdc3-19b7db2e00c3@netmagic.com> <3854.1581431519@dooku> <20200213174617.GQ18021@localhost> <18044.1581688781@dooku> <20200214203306.GW18021@localhost>
Comments: In-reply-to Nico Williams <nico@cryptonector.com> message dated "Fri, 14 Feb 2020 14:33:07 -0600."
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.2.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sat, 15 Feb 2020 13:57:33 +0100
Message-ID: <3586.1581771453@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/vsKDuM2PXo9ZZEA6eAD7wYaYT2k>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Feb 2020 12:57:39 -0000

Nico Williams <nico@cryptonector.com> wrote:
    >> and in particular it would permit: or: Russia's nameservice
    >> cryptnector.com (national DNS root) or: employer.example.com's
    >> www.amazon.com (forced corporate proxy)

    > Sure, but PKIX let's you have this too: it's just an alternate issuer
    > (root).

    > What would SPKI have given us, really?

No, PKIX does not have an alternate issuer.
That's outside of the PKIX.  It's another instance of PKIX.
What SPKI gives is the alternate roots are explainable and codifiable within
the system, rather than making it an externality.  

    >> In the SPKI days I wanted no DNSSEC root.  I wanted 158 national roots
    >> with k-of-n cross-signatures.

    > Cross-signing roots ~= a root anyways.

    > Every country could run its own roots with mostly or entirely the same
    > contents as all the others.  From a relying party's point of view,
    > there's a single root, and _that_ is what matters.

This would almost be the same thing, except for the liability and soveignty issue.

    > (A relying party might need to change root trust anchors when traveling
    > if they are forced to or want to change roots.)

Yes, possibly.  It's definitely an open question, and there is a tussle there.

    >> Which definitely lets my government spoof me, which they already say
    >> they have the right to do under certain circumstances, but it doesn't
    >> let them spoof you.  Would we have to kill ".com", etc. and all the
    >> ICANN zoo?  Maybe. It's not a big loss to me, but others would object.
    >> And we don't need to do it overnight.

    > Yes.  But if governments won't force you to do this, I don't mind.
    > That is, we can have a single-root PKI (or a cross-signed root if you
    > prefer) in all cases.  And we can have mandatory or optional use of
    > ccTLDs.  It's all good.

The carrot could revolve around liability.

    >> It also means that my government is assuming liability if I get
    >> spoofed, which also seems reasonable.

    > Sovereigns always immunize themselves.  You will not be able to sue
    > your government over attacks on you resulting from your country's ccTLD
    > private keys being compromised.  At best some may be able to avoid some
    > losses when their counter-party is also operating in the same country,
    > but only entities other than their government will be taking the
    > losses.

"I relied upon the trust anchor my government provided me, so, your Honour, I
am not guilty"

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.23.0 | Report a Bug | By Email