IETF Logo Mail Archive

Re: [lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]

Carl Wallace <carl@redhoundsoftware.com> Thu, 05 August 2021 15:36 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9EE23A173F for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 08:36:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KKhouPxukLOT for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 08:36:49 -0700 (PDT)
Received: from mail-qk1-x734.google.com (mail-qk1-x734.google.com [IPv6:2607:f8b0:4864:20::734]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F82E3A170C for <spasm@ietf.org>; Thu, 5 Aug 2021 08:36:45 -0700 (PDT)
Received: by mail-qk1-x734.google.com with SMTP id az7so6667110qkb.5 for <spasm@ietf.org>; Thu, 05 Aug 2021 08:36:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:message-id:thread-topic:references :in-reply-to:mime-version:content-transfer-encoding; bh=mLhr8hxW/XEgVYEPFUaQdI57/a2tDHexszOGMSis9MY=; b=hbAzsAGiHPoslesdUUZE5UEelxIcqcutcdfPUqw/66huTLaxa4ATXMSOBLCobzGLoL cFBZ7AVlo1fBXii1scz/0Cf6PtvwT8H7oHzXwq0FVb6fw3Hx2Q3gyR8W7Ca6KA1alzIi M9JR6M6A1glNjnD2hz/4y8UWKSpE6HPyztChE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:message-id :thread-topic:references:in-reply-to:mime-version :content-transfer-encoding; bh=mLhr8hxW/XEgVYEPFUaQdI57/a2tDHexszOGMSis9MY=; b=H77uEFr9iYsR96eEiJgvTCIn/L5eir8faHSmAIaC2vixvBIY5V63Q0HKHzeDlUuZQr rBExZy+Av+BIVsJD36oPVNNXdXGu/cj8wumhh/fnUdu/KYhve/X9fWiG4Uv6jlkTRkIj MRJnCV8Vp7nZxabeeuOb2Hen1afN6FYEuLggnRdWYipEi9dyMzyUNW0XEowAKPBy6PJw UjFXwFPPjYROJt7xvPfAfNKZDFp3xCMxjJkRXyVTBOivtIVfvQbnkbYXS9z4pDyBE1jb aohNcFkQE2ciFaDln5y9sH9yJEsyZlBMO78xOO+vVbbMzXkGgiZ/oQc585sZPrvwxYES rtrA==
X-Gm-Message-State: AOAM532H7zN2J5xQT7ULx+b6c0nUS1vvvsVnZT7Ov4vBGArEgylyh2ia zOBKMtrQXfP6bd3xsdOJdwXFNe/oR8jHa0d0
X-Google-Smtp-Source: ABdhPJz6LOKC311dEyZ3yrF8mgj664GDz17oAGpEnVf5qFa2larVuCClc+D+FlOL01FR0SWanxqH1w==
X-Received: by 2002:a05:620a:913:: with SMTP id v19mr5423410qkv.429.1628177802716; Thu, 05 Aug 2021 08:36:42 -0700 (PDT)
Received: from [192.168.2.16] (pool-173-73-191-214.washdc.fios.verizon.net. [173.73.191.214]) by smtp.gmail.com with ESMTPSA id l29sm2659771qtn.8.2021.08.05.08.36.42 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 05 Aug 2021 08:36:42 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/16.51.21071101
Date: Thu, 05 Aug 2021 11:36:41 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, spasm@ietf.org
Message-ID: <156EE38A-6688-435C-9191-8D577EDCA251@redhoundsoftware.com>
Thread-Topic: [lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]
References: <87czr0ww0d.fsf@fifthhorseman.net> <FF939B28-528B-47F9-9C0C-6585D1B02FBE@vigilsec.com> <87mtq3ukk0.fsf@fifthhorseman.net> <CAErg=HHQMZ1jk+bVxA=MzVvW+9ucie7bu-N6O8Asnp0V8Rf9Bg@mail.gmail.com> <30546.1627850836@localhost> <CAErg=HHKL-E5yT0UnPKcLfMQU41iDg7GGgjsSXs3eRg8daJRkg@mail.gmail.com> <87wnp347iu.fsf@fifthhorseman.net> <1388.1627996026@localhost> <87pmuu42hf.fsf@fifthhorseman.net> <20862.1628113377@localhost> <656985A5-BED4-4BA8-9233-B3C93966016C@ll.mit.edu> <877dh03x35.fsf@fifthhorseman.net> <722a1f15-8ac8-54f2-3c7a-14c7ed92c6ef@cs.tcd.ie> <SA2PR22MB2537BB784F2327052238317FE8F29@SA2PR22MB2537.namprd22.prod.outlook.com> <FAEBE63D-1CCC-4F76-B064-BD2DD4F02357@redhoundsoftware.com> <f0ac754b-18c4-8fdb-fff3-4d8675a9cefb@sandelman.ca>
In-Reply-To: <f0ac754b-18c4-8fdb-fff3-4d8675a9cefb@sandelman.ca>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DbzzmxH54bJgKZtLlVxAOhqG8Ng>
Subject: Re: [lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Aug 2021 15:37:03 -0000

Inline...

On 8/5/21, 11:31 AM, "Spasm on behalf of Michael Richardson" <spasm-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:

    On 2021-08-05 8:52 a.m., Carl Wallace wrote:
    > Given everyone has a hardware crypto module in their pocket these days 

    yes, me.  I don't use it much, and not for email at all, although I 
    guess it is supported.  I am hesistant because I don't know how to 
    recover from loss of token.

    But, nobody I know who isn't working at a big company/government has 
    one.  And few of them either.

    I'm not saying it couldn't change, but I think your assertion is not true.
[CW] I was referring to Secure Enclave in iPhones, TEE/Strong Box on Android and TPM on Windows 10 devices. I agree these are not widely used for email decryption, but they could be.  There certainly are enough of them around though.

    > and setting aside key escrow concerns, another way to get at this would 
    > be to encrypt for more than one key and forego exporting and sharing 
    > keys. That might not even require new protocol work but just better use 
    > of what we have now.
    > 

    I share your aspiration.

    _______________________________________________
    Spasm mailing list
    Spasm@ietf.org
    https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email