IETF Logo Mail Archive

Re: [Secdispatch] Marking SPKAC as Historic

Graham Leggett <minfrin@sharp.fm> Wed, 16 November 2022 16:32 UTC

Return-Path: <minfrin@sharp.fm>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95051C1522AC for <secdispatch@ietfa.amsl.com>; Wed, 16 Nov 2022 08:32:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sharp.fm
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ihai-TaIEdQA for <secdispatch@ietfa.amsl.com>; Wed, 16 Nov 2022 08:32:47 -0800 (PST)
Received: from chandler.sharp.fm (chandler.sharp.fm [78.33.206.219]) by ietfa.amsl.com (Postfix) with ESMTP id 22537C1522AB for <secdispatch@ietf.org>; Wed, 16 Nov 2022 08:32:46 -0800 (PST)
Received: from smtpclient.apple (unknown [IPv6:2001:4d48:ad5d:6301:6017:5a45:1bfd:d911]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: minfrin@sharp.fm) by chandler.sharp.fm (Postfix) with ESMTPSA id 93FFF1A1629; Wed, 16 Nov 2022 16:32:45 +0000 (GMT)
Authentication-Results: chandler.sharp.fm; arc=none smtp.client-ip=2001:4d48:ad5d:6301:6017:5a45:1bfd:d911
ARC-Seal: i=1; a=rsa-sha256; d=sharp.fm; s=default; t=1668616365; cv=none; b=YQjgt29U27SlRAO9SAAi+yPuQSdbyJ9DgqeDLxfG0Ajji/8fKU321dZNyq2GvLHw2mB90+ZySxjmW4A7powDSRhZ11z6fHDwKmKqSt9kENwbAK7/568soGBncSFywKImOhKl9qOPsruRVu1+blw/+PWJxiO4+qR/HLLhnMihIK4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sharp.fm; s=default; t=1668616365; c=relaxed/simple; bh=9gyOIKNK3idBUEAh3BFkdCfOqkj1aQOLu6lroMO/k4I=; h=DKIM-Filter:DKIM-Signature:From:Message-Id:Content-Type: Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:X-Mailer; b=ltsq6vcg/xnGe8HYVd6B5vB0qe7PpuQRJgTOK3iZ7bWXdKu/kwfVGxgZJcBB2DOCD59Weu6ZPIl5lZ9dUvxOxwOKaurO3FL/ConU9w3Iv1qQYVDKIv3bcNXMI1s+qVHzpDdEfwq832zHg4t47kNIsng4d8Lc81kDuEx/U0xPP4M=
ARC-Authentication-Results: i=1; chandler.sharp.fm; arc=none smtp.client-ip=2001:4d48:ad5d:6301:6017:5a45:1bfd:d911
DKIM-Filter: OpenDKIM Filter v2.11.0 chandler.sharp.fm 93FFF1A1629
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharp.fm; s=default; t=1668616365; bh=vPDTLrLKd9lD2pQxo0WTdVCnADmnKmJmgKHExiTpmqc=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=cBJLpTtZE4U6fah/KBWPHa0zTMjvfaW6tbOZ/jGdY8TOuLEiOZtpuQeChXWqMXBqe OWpVAtJVXd5qWzP86SAEFefKaFBZrJpB/+U6LQhBt/M2zOxTqE4d2Qx2phgzKKokYk O0oW8QQLLtzm/sCXJ82X8uKt2rLfJGy+VeUOaniU=
From: Graham Leggett <minfrin@sharp.fm>
Message-Id: <B6AC1A18-822B-4AA8-8116-12F1F8E7421B@sharp.fm>
Content-Type: multipart/alternative; boundary="Apple-Mail=_221353CA-D344-4345-B293-F6DE543E822F"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Date: Wed, 16 Nov 2022 18:32:45 +0200
In-Reply-To: <CABcZeBM573hZHwsDR9T3+WWdKzkk3abVefVuMnKDuf7hr9qOdQ@mail.gmail.com>
Cc: Graham Leggett <minfrin=40sharp.fm@dmarc.ietf.org>, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, secdispatch@ietf.org, Roman Danyliw <rdd@cert.org>
To: Eric Rescorla <ekr@rtfm.com>
References: <CAHbrMsAPOw-PRHOh9OO1fU3tkN2ywWvAihG-2xWyu_SPgTYzLQ@mail.gmail.com> <333D208F-05DF-44E3-95D1-D8B01E1BEA98@sharp.fm> <CABcZeBM573hZHwsDR9T3+WWdKzkk3abVefVuMnKDuf7hr9qOdQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/9TiRN4_OaID5z5y-raRcd01Kf64>
Subject: Re: [Secdispatch] Marking SPKAC as Historic
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2022 16:32:51 -0000

On 11 Nov 2022, at 21:48, Eric Rescorla <ekr@rtfm.com> wrote:

> This is not the only reason it was removed. For instance, here is the W3C TAG
> writeup of concerns around keygen:
> https://github.com/w3ctag/wiki/wiki/keygen <https://github.com/w3ctag/wiki/wiki/keygen>
The document above was source material for the draft. The key takeaways above are a) MD5 bad, and b) various concerns around user experience. What wasn’t shown was any concrete data to back up the claims around the user experience, given they were talking about something that had at the time been in production for twenty years. Weirdly, in all the analysis, “the format of the proof of possession message wasn’t written down anywhere” was never mentioned.

The focus on “is this supported in web browsers” is largely irrelevant in 2022, because web browsers now have Native Messaging Browser Extensions as part of Web Extensions, which allow a webpage to access native code on a given machine. In addition, the days of “the certificate store is in the browser” is now gone, with the browsers deferring to the operating system’s certificate store.

What this means is, a Web Extension can be built that solves the key distribution problem for all browsers today, and if the user experience is not up to scratch, someone else can write a better Web Extension. None of this needs cooperation from browser makers.

What is important is this Web Extension and the better one that might replace it need a standard to follow. Every certificate authority public and private coming up with their own protocol is awful, that’s why standards exist.

Which standard to follow? One that already exists, is already widely deployed, is already audited as part of crypto libraries, and has been in production on a wide range of operating systems for 25 years, or something brand new?

Or to put it another way, why does a certificate authority have to spend hundreds of thousands / millions of dollars coming up with something new when they can spend nothing and use what is already there?

This is why the question “if it is not recommended, why is it not recommended” is so important. If people are being asked to invest large amounts of money to replace something that already exists, it needs to be for a good reason.

The only issue we’ve seen to date is “MD5 bad” and that’s been fixed. Is there anything else?

> More broadly, WebAuthn is the preferred solution for many if not most of the
> applications for which TLS client auth with keygen was used.

WebAuthn appears to solve web login, which happens later.

Regards,
Graham
—

v2.23.0 | Report a Bug | By Email