Re: [lamps] Considerations about the need to resume PKIX work
"Dr. Pala" <madwolf@openca.org> Thu, 20 July 2017 11:53 UTC
Return-Path: <madwolf@openca.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C87912EC30 for <spasm@ietfa.amsl.com>; Thu, 20 Jul 2017 04:53:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KggprZMobWeC for <spasm@ietfa.amsl.com>; Thu, 20 Jul 2017 04:53:25 -0700 (PDT)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id B06D812969E for <spasm@ietf.org>; Thu, 20 Jul 2017 04:53:25 -0700 (PDT)
Received: from dhcp-8e48.meeting.ietf.org (dhcp-8e48.meeting.ietf.org [31.133.142.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id D1E923740FB2 for <spasm@ietf.org>; Thu, 20 Jul 2017 07:53:24 -0400 (EDT)
To: spasm@ietf.org
References: <04e73e42-7c5b-912d-cc79-7959a710927e@openca.org> <C9C409F5-778F-4BEF-98B7-10D86996F1F8@vigilsec.com>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <0f6d2715-b50a-3d29-09e6-4b75e5fb808a@openca.org>
Date: Thu, 20 Jul 2017 13:53:22 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <C9C409F5-778F-4BEF-98B7-10D86996F1F8@vigilsec.com>
Content-Type: multipart/alternative; boundary="------------90BCD11938447DD17C7AE12C"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/MVkhfq05nSeQYw54h3e0JL34Q_c>
Subject: Re: [lamps] Considerations about the need to resume PKIX work
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 11:53:29 -0000
Thanks Russ, will do. On 7/20/17 1:43 PM, Russ Housley wrote: > Max: > > If you can turn these into separate charter items with a description > of the deliverable and milestones, then we can discuss each idea on > its own. Of course, in this group we expect that there be a > commitment that it will be implemented. > > Russ > > >> On Jul 20, 2017, at 7:37 AM, Dr. Pala <director@openca.org >> <mailto:director@openca.org>> wrote: >> >> Hi all, >> >> I would like to draw the Sec Area attention on an issue that I think >> is becoming more relevant every day. >> >> It seems quite clear that today there is a lot of work around >> authentication and encryption that make use of PKIX certificates. >> However, there is no place in IETF, today, where problems related to >> PKIX can be effectively tackled. In the following paragraphs I try to >> summarize the issue and the proposed work and a call for discussion >> around the feasibility of resuming the work in two particular areas: >> revocation and discoverability. >> >> *The Problem >> >> *What I noticed in recent proposals in many working groups (when it >> comes to certificate management) is that more and more people turn >> towards the use of short-lived certificates to avoid checking >> revocation information. Sometimes this choice is motivated by real >> technical considerations, but in many cases the choice is "forced" >> because nobody is currently working on fixing the two main issues >> related to trust infrastructures: efficient revocation and >> discoverability of services. >> >> *The Revocation Situation* >> >> Most of the times, when interacting with PKIs, we are still stuck >> with CRLs, OCSP if we are lucky (including stapling - available in >> TLS connections if really really lucky), and in most cases even these >> mechanisms are criticized widely by people as being inadequate today. >> This resulted in applications to use proprietary methods for checking >> revocation (e.g., CRLSet) or to skip checking all together (or >> mandate for short-lived certificates only as in the case, for >> example, of STIR). >> >> Many people today ignore the fact that, when coupled with small >> devices, the generation of new keys require (a) a lot of resources, >> and (b) a good source of randomness. Requiring apps / devices to >> generate new keys might seem a good idea at first, but is this better >> than checking revocation ? What about the complexity of key management ? >> >> /Examples of possible work to address the issues are OCSP over DNS >> and some more efficient ways to verify the validity of a whole chain >> of certificates efficiently./ >> >> *The Discoverability Situation* >> >> As far as I know, there are no standardized mechanisms that would >> provide discoverability of services that would help users and >> applications to discover Public Key Services providers and associated >> services in a dynamic fashion. When I brought it up during the BoFs >> of possible working groups where the issue could be discussed.. well, >> the proposal was redirected to /dev/null (e.g., ACME, SPASM, and LAMPS). >> >> Isn't that curious that still today nobody is working on some sort of >> infrastructure that would facilitate interacting with PKIs ? After >> all, PKIs are the core Trust mechanism that enables reliable >> authentication and encryption over the Internet today. Such >> infrastructure could really improve the security of the Internet and >> make PKIs more usable from an application (and users) standpoint of view. >> >> /Examples of possible work to address the issue are a PKI Resource >> Query Protocol (PRQP) and/or the use of P2P systems as distribution >> mechanisms for Public Key related operations (e.g., EST, BRSKI, or >> ACME over P2P - 0-configuration support for PK)./ >> >> *Deployment Trends in the Real World* >> >> Today I am witnessing the deployment of arguably not-well-designed >> PKIs (or, in other terms, what I call Weak PKIs) that do not provide >> support for revocation and that are expected to use CAs and EE >> certificates with validity periods of 30, 35, or 50 years (yes, also >> EE - especially for devices). Besides the fact that it is a common >> assumption that the algorithms (e.g., P-256) used in these >> environments (e.g. IoT) are NOT going to pass the test of time, >> ignoring the revocation could really affect the privacy of millions >> of people - and we are currently not doing anything at the IETF to >> prevent this issue. >> >> /There is the need for simple revocation services, but arguably we do >> not have what's needed today (requires improvements)./ >> >> *IETF Specific Situation and Issues* >> >> Why are we so unprepared to face these issues ? I would say (still >> personal point of view - based on almost 20 yrs of participation in >> PKI discussions) that these might be some of the main reasons: >> >> * *There are NO venues where to discuss possible solutions to >> existing problems.* The PKIX working group has been closed down >> (very arbitrarily, I might say, since there is still a lot of >> work needed to be done around PKIX as highlighted above) >> >> * *The LAMPS, SPASM, and ACME WGs have/have had, on purpose, very >> narrow scoped Charters and only few items**(mostly quite marginal >> issues, IMO) are actually accepted as working items (w/ reference >> to SPASM and LAMPS in particular).* Solving revocation and >> discoverability issues should be the 1st item and the most >> important on the list (at least revocation) but they are not - >> actually when that was proposed to be included as part of the >> charter(s), the requests were not even acknowledged or rejected >> with no real technical reasons. >> >> * *The constant**nonsense of people saying that PKIs do not work as >> an excuse not to improve them while they (PKIs) are the reason we >> can deploy secure protocols and provide privacy. *It is evident >> that PKIs are here to stay, this is a fact. Their usage has >> increased exponentially in the past years and they have, so far, >> passed the test of time. IoT is one use-case. ANIMA is another. >> ACME is another. Just to cite few of them. >> >> Moreover, things are happening in environments outside IETF (WIFI 2.0 >> Alliance, OpenADR, CMI, etc.) and IETF un-willingness of working on >> these problems is really scary to me. The world moves forward, fast, >> and the IETF is standing still on this topic./*I really do not >> understand why.*/ >> >> *Final Considerations* >> >> In this message I try to summarize the reasons why I think there is >> the need to provide a venue where these problems are discussed and >> the need for key people to not actively block the possibility for >> people that are willing to work on this to have a venue where the >> work can be carried out. >> >> I think that this work is of the utter importance and I would like to >> understand what the position of the whole security area is around >> these points and the proposed work. >> >> /I hope that the discussion around this message can spark some >> interest and that work in the PKIX area can finally resume at the >> IETF - which was, in the past, thought of as the lighthouse where >> these issues could be addressed./ >> >> A small request, please, try to read this e-mail carefully and >> consider the implications of NOT taking on these tasks when replying >> and/or discussing the topic. Also, since I know this (PKIX) is a >> minefield for "political" reasons (which should not be a drive here), >> please keep the discussion on the positive / constructive side (thanks). >> >> /If you feel like a private response is better than on the mailing >> list, please just reply privately./ >> >> Looking forward to hear your opinions on this hoping that this e-mail >> can be the beginning of the end of PKIX still-standing issues :D >> >> Cheers, >> Max >> >> -- >> Best Regards, >> Massimiliano Pala, Ph.D. >> OpenCA Labs Director >> <efhklhncoknghhph.png> >> _______________________________________________ >> Spasm mailing list >> Spasm@ietf.org <mailto:Spasm@ietf.org> >> https://www.ietf.org/mailman/listinfo/spasm > > > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm
- [lamps] Considerations about the need to resume P… Dr. Pala
- Re: [lamps] Considerations about the need to resu… Russ Housley
- Re: [lamps] Considerations about the need to resu… Dr. Pala
- Re: [lamps] Considerations about the need to resu… Dang, Quynh (Fed)
- Re: [lamps] Considerations about the need to resu… Salz, Rich
- Re: [lamps] Considerations about the need to resu… Dr. Pala
- Re: [lamps] Considerations about the need to resu… Dr. Pala
- Re: [lamps] Considerations about the need to resu… Dmitry Belyavsky
- Re: [lamps] Considerations about the need to resu… Dmitry Belyavsky