Re: [lamps] Hybrid pkix isn't needed
Ilari Liusvaara <ilariliusvaara@welho.com> Tue, 31 January 2023 10:17 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36C69C14CEFE for <spasm@ietfa.amsl.com>; Tue, 31 Jan 2023 02:17:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W6IQPLLg_j3m for <spasm@ietfa.amsl.com>; Tue, 31 Jan 2023 02:17:49 -0800 (PST)
Received: from welho-filter3.welho.com (welho-filter3b.welho.com [83.102.41.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE847C14EB19 for <spasm@ietf.org>; Tue, 31 Jan 2023 02:17:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id 0E53A164A6 for <spasm@ietf.org>; Tue, 31 Jan 2023 12:17:47 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id 4cNjKUaUZ8D0 for <spasm@ietf.org>; Tue, 31 Jan 2023 12:17:46 +0200 (EET)
Received: from LK-Perkele-VII2 (87-92-216-160.rev.dnainternet.fi [87.92.216.160]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id D82B572 for <spasm@ietf.org>; Tue, 31 Jan 2023 12:17:45 +0200 (EET)
Date: Tue, 31 Jan 2023 12:17:45 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: spasm@ietf.org
Message-ID: <Y9jqybF28WWL+bvl@LK-Perkele-VII2.locald>
References: <CACsn0c=uPvp_hmakpfPff8WkYh1q9NhjfTJYs7iFu_czL2yAyA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CACsn0c=uPvp_hmakpfPff8WkYh1q9NhjfTJYs7iFu_czL2yAyA@mail.gmail.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/QrC6Cxh56zNs-odUgLN6EvV2aEY>
Subject: Re: [lamps] Hybrid pkix isn't needed
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jan 2023 10:17:50 -0000
On Sun, Jan 29, 2023 at 03:43:15PM -0800, Watson Ladd wrote: > > I don't think linking certs or special provisions for hybrid > encryption or authentication are a good idea. A hybrid encryption > scheme should be an encryption scheme with a public and private key, > just like any other key you can put in the PKIX. > > If for backwards compatibility you want to have multiple kinds of keys > just like we do with RSA and ECDSA keys in TLS, just do that! Don't > add complexities to try to link them or force people to find both keys > at once for an operation. We know that the transition model with > multiple unrelated certs works, and we have experience and fixed bugs > that resulted. Let's use that instead of have new bugs to fix. Furthermore, in context of TLS, linking certificates is a non-starter. The TLS chain rules just plain do not allow that (even the more flexible TLS 1.3 ones), because there is a fundamential limitation of one end- entity certificate. And I consider the TLS 1.3 chain rules to be too complex (paraphrasing, TLS 1.2 has chain of trust, TLS 1.3 has spaghetti of doubt). Linked certificates are much much worse. I consider the complexity to be absolutely terrifying. And standards doing complex stuff absolutely does matter. E.g., the recent OpenSSL security issue was ultimately caused by unnecressary complexity in standards (having to match two fields with very different encodings). -Ilari
- [lamps] Hybrid pkix isn't needed Watson Ladd
- Re: [lamps] Hybrid pkix isn't needed Michael Markowitz
- Re: [lamps] Hybrid pkix isn't needed Watson Ladd
- Re: [lamps] Hybrid pkix isn't needed Tadahiko Ito
- Re: [lamps] Hybrid pkix isn't needed Ilari Liusvaara
- Re: [lamps] Hybrid pkix isn't needed Hubert Kario
- Re: [lamps] Hybrid pkix isn't needed Mike Ounsworth
- Re: [lamps] Hybrid pkix isn't needed Watson Ladd
- Re: [lamps] Hybrid pkix isn't needed Seo Suchan
- Re: [lamps] Hybrid pkix isn't needed Watson Ladd
- Re: [lamps] [EXTERNAL] Re: Hybrid pkix isn't need… Mike Ounsworth
- Re: [lamps] Hybrid pkix isn't needed Stephen Farrell
- Re: [lamps] Hybrid pkix isn't needed Tadahiko Ito
- Re: [lamps] Hybrid pkix isn't needed Ilari Liusvaara
- Re: [lamps] Hybrid pkix isn't needed Ilari Liusvaara
- Re: [lamps] Hybrid pkix isn't needed Carl Wallace
- Re: [lamps] [EXTERNAL] Re: Hybrid pkix isn't need… Mike Ounsworth
- Re: [lamps] Hybrid pkix isn't needed Phillip Hallam-Baker
- Re: [lamps] Hybrid pkix isn't needed Tim Hollebeek