IETF Logo Mail Archive

Re: [lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]

Eliot Lear <lear@lear.ch> Thu, 05 August 2021 14:52 UTC

Return-Path: <lear@lear.ch>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E64D3A1504 for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 07:52:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.89
X-Spam-Level:
X-Spam-Status: No, score=-0.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=lear.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XzeTli5jfRMO for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 07:52:16 -0700 (PDT)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [185.32.222.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94D453A1516 for <spasm@ietf.org>; Thu, 5 Aug 2021 07:52:16 -0700 (PDT)
Received: from [IPv6:2001:420:c0c0:1011::5] ([IPv6:2001:420:c0c0:1011:0:0:0:5]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-18) with ESMTPSA id 175EqAUr205506 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Thu, 5 Aug 2021 16:52:11 +0200
Authentication-Results: upstairs.ofcourseimright.com; dmarc=none (p=none dis=none) header.from=lear.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1628175131; bh=aezqIX+AUXWAiv7Dk3MAtJHLPTiMnmvBYmVkfVoyCMQ=; h=Subject:To:References:From:Date:In-Reply-To:From; b=LPk+ybu+mg4gR8zXbs7f3OldP/gJ941BA+j5W1ij7BKndFERx9rj3CeCy6mgDQsKh /xTzsJdWG8DjL+GMuIPR1IAzNQwLPfFFG/X2k422588dITgrm10xXhn/Yb7smm5JAz nmVlFqZqsiWkATQPR4gV43Dj4I/+7h/94zm/1R3I=
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, LAMPS WG <spasm@ietf.org>
References: <87czr0ww0d.fsf@fifthhorseman.net> <FF939B28-528B-47F9-9C0C-6585D1B02FBE@vigilsec.com> <87mtq3ukk0.fsf@fifthhorseman.net> <CAErg=HHQMZ1jk+bVxA=MzVvW+9ucie7bu-N6O8Asnp0V8Rf9Bg@mail.gmail.com> <30546.1627850836@localhost> <CAErg=HHKL-E5yT0UnPKcLfMQU41iDg7GGgjsSXs3eRg8daJRkg@mail.gmail.com> <87wnp347iu.fsf@fifthhorseman.net> <1388.1627996026@localhost> <87pmuu42hf.fsf@fifthhorseman.net> <20862.1628113377@localhost> <656985A5-BED4-4BA8-9233-B3C93966016C@ll.mit.edu> <877dh03x35.fsf@fifthhorseman.net> <E3BE69E5-937B-4A61-B193-9405AFAF9B2D@ll.mit.edu>
From: Eliot Lear <lear@lear.ch>
Message-ID: <974dd485-a6c2-e19f-92c8-68d75b5c3b28@lear.ch>
Date: Thu, 05 Aug 2021 16:52:08 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <E3BE69E5-937B-4A61-B193-9405AFAF9B2D@ll.mit.edu>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="W00OjZJgDA60Cv6CbRDYqWifwri6DrQQU"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/7r3QML4blJ1LnnggQDnWZEdR01w>
Subject: Re: [lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Aug 2021 14:52:22 -0000

I REALLY hope not.  Are we REALLY struggling with that point?

Eliot

On 05.08.21 15:47, Blumenthal, Uri - 0553 - MITLL wrote:
> Am I the only one who thinks there's a difference between protocols and data formats?
>
> --
> Regards,
> Uri
>   
> There are two ways to design a system. One is to make is so simple there are obviously no deficiencies.
> The other is to make it so complex there are no obvious deficiencies.
>                                                                                                                                       -  C. A. R. Hoare
>   
>
> On 8/5/21, 08:18, "Spasm on behalf of Daniel Kahn Gillmor" <spasm-bounces@ietf.org on behalf of dkg@fifthhorseman.net> wrote:
>
>      On 8/4/21, 17:44, Michael Richardson wrote:
>      >     I would be happy if pkcs12 just died.
>
>      On Wed 2021-08-04 22:28:17 +0000, Blumenthal, Uri - 0553 - MITLL wrote:
>      > - PKCS#12 cannot "just die" because there's a ton of software that cannot import private keys, unless they're in .p12 or such.
>      > - I concur that interoperation for private keys is nonsense.
>
>      I think i understand the sentiment about wanting PKCS#12 to die, given
>      what a disaster the implementations are and how poorly we collectively
>      understand the format.
>
>      However, i don't understand how interoperation for private keys is
>      nonsense.
>
>      Many people with e-mail accounts use multiple mail user agents to access
>      the same account (e.g. one MUA on their phone, another on a laptop).  If
>      those accounts are supposed to be able to use end-to-end secure
>      communication then at least one of them needs to be able to export its
>      private key material and the other needs to be able to import it.
>
>      For myself, I only use a single MUA.  So my personal workflow would be
>      entirely satisfied if we as a standards body were to declare that there
>      is no interop need for private keys.  But if we want to ensure that
>      end-to-end cryptographic protections are usable and secure for actual
>      e-mail users, then we need to figure out the interop issues for private
>      key material, even if each e-mail user only encounters this interop
>      scenario once, as they provision their second MUA.
>
>      The only way I understand S/MIME to work today is for all the MUAs
>      attached to a given e-mail account to have access to the same private
>      keys, at the very least for those private keys used for message
>      decryption.
>
>      Assuming that we want people to be able to read their encrypted e-mail
>      in any MUA in which they read e-mail, the other two usable architectural
>      alternatives i see are:
>
>       a) private keys are only ever stored on a hardware token which moves
>          between devices with the user.
>
>       b) different MUAs use different private keys for decryption, and the
>          sender of an e2e encrypted e-mail encrypts each message to *all* the
>          encryption-capable certificates it knows about for the user.
>
>      (a) still requires us to standardize private key interop, though it's
>      more of the PKCS#11-style than PKCS#12.  And it requires work on
>      hardware interfaces too.
>
>      (b) is a major systems change, requiring MUAs to change what
>      certificates they advertise for the user (each MUA *must* learn about
>      the other MUAs attached to the account and advertise the corresponding
>      encryption certificates as well), and all senders to adjust behavior by
>      sending messages encrypted to multiple keys per recipient.
>
>      Compared to either of these, standardizing software-based private key
>      interop seems like an easy lift.
>
>      I sympathize with the grumbling about it, but I'd hope that the experts
>      in the IETF LAMPS WG can at least come to a consensus that there is
>      value in standardizing interop for decryption-capable private keys.
>
>             --dkg
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email