IETF Logo Mail Archive

Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n transition)

"Hallam-Baker, Phillip" <pbaker@verisign.com> Tue, 03 March 2009 14:25 UTC

Return-Path: <pbaker@verisign.com>
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 692733A688A for <saag@core3.amsl.com>; Tue, 3 Mar 2009 06:25:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.147
X-Spam-Level:
X-Spam-Status: No, score=-7.147 tagged_above=-999 required=5 tests=[AWL=1.451, BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uuoCNyr8QKJm for <saag@core3.amsl.com>; Tue, 3 Mar 2009 06:25:00 -0800 (PST)
Received: from robin.verisign.com (robin.verisign.com [65.205.251.75]) by core3.amsl.com (Postfix) with ESMTP id 4AF723A6887 for <saag@ietf.org>; Tue, 3 Mar 2009 06:25:00 -0800 (PST)
Received: from MOU1WNEXCN02.vcorp.ad.vrsn.com (mailer2.verisign.com [65.205.251.35]) by robin.verisign.com (8.12.11/8.13.4) with ESMTP id n23EPIaZ007790; Tue, 3 Mar 2009 06:25:18 -0800
Received: from MOU1WNEXMB09.vcorp.ad.vrsn.com ([10.25.15.197]) by MOU1WNEXCN02.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 3 Mar 2009 06:25:18 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C99C0B.E0415FCA"
Date: Tue, 03 Mar 2009 06:25:17 -0800
Message-ID: <2788466ED3E31C418E9ACC5C3166155768B2EC@mou1wnexmb09.vcorp.ad.vrsn.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n transition)
Thread-Index: Acmbe8/toVJcqdjGQuqpi9nb3nzg5AAiyIvR
References: <1235663917.3293.16.camel@localhost><20090226165448.GK9992@Sun.COM><20090227022359.8D45150822@romeo.rtfm.com><20090302161134.GG9992@Sun.COM><20090302172135.DA43650822@romeo.rtfm.com><200903021720.n22HKZOv006388@grapenut.srv.cs.cmu.edu><864C82388E530D27DCB6002F@minbar.fac.cs.cmu.edu><20090302182547.GX9992@Sun.COM><0DE6E86D395C657BABF43B97@minbar.fac.cs.cmu.edu><20090302185050.GB9992@Sun.COM> <20090302205656.GF9992@Sun.COM>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>, Jeffrey Hutzelman <jhutz@cmu.edu>
X-OriginalArrivalTime: 03 Mar 2009 14:25:18.0106 (UTC) FILETIME=[E07447A0:01C99C0B]
Cc: der Mouse <mouse@Rodents-Montreal.ORG>, saag@ietf.org
Subject: Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n transition)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2009 14:25:01 -0000

A PKI does not grow of its own accord. The SSL PKI only exists because there was a clear business driver that drove its deployment.

That is not to say that it is impossible to deploy an alternative design. Only that it is necessary to model and understand the real world deployment constraints and design for deployment.

And the biggest mistake most designers make is to over-estimate the extent to which security is actually desired. As far as actual end users are concerned the SHA-n transition issue is irrelevant, it is even irrelevant as far as the banks and so on are concerned. Everyone else in the system expects 'the boffins' to come up with a fix that won't require them to do too much. In particular, they don't want a solution that might require them to actually think.

The only way that an imminent crisis can lead to large scale concerted action is if (1) the underlying technical issue is simple enough for anyone to grasp and (2) those required to act have other motives for action. The reason that the Y2K scam was so successful was because it enabled a clique of mediocre corporate VPs to engage in empire building. After a short while the scam became self-perpetuating because the first act of a Y2K vampire was to send out letters to every supplier demanding proof of Y2K certification - and so the infection was spread.


You do not need to be an economist or apply fancy algebra to understand the effects of economic processes. If we are not prepared to try to understand the economists, why should the economists attempt to understand us?


-----Original Message-----
From: saag-bounces@ietf.org on behalf of Nicolas Williams
Sent: Mon 3/2/2009 3:56 PM
To: Jeffrey Hutzelman
Cc: der Mouse; saag@ietf.org
Subject: [saag] Or grow a real PKI (Re:  SHA-1 to SHA-n transition)
 
Perhaps the simplest fix, technologically speaking, would be to get a
real PKI -- no technical changes needed, just political ones.  But that
strikes me as politically infeasible.

A real PKI would imply:

 - trust anchor regulations
 - CA and DNS registrar regulations that work

Seems unlikely.
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email