Re: [lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Thu, 05 August 2021 15:07 UTC
Return-Path: <prvs=785197536c=uri@ll.mit.edu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5399D3A159E for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 08:07:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 63q7WHNeujZG for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 08:07:25 -0700 (PDT)
Received: from llmx2.ll.mit.edu (llmx2.ll.mit.edu [129.55.12.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2ADE53A1599 for <spasm@ietf.org>; Thu, 5 Aug 2021 08:07:24 -0700 (PDT)
Received: from LLE2K16-HYBRD02.mitll.ad.local (LLE2K16-HYBRD02.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTPS id 175F7LOF046521; Thu, 5 Aug 2021 11:07:21 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=FUd5gjEIRBHCwprWfBZtQ1TwRdJ1Ltro8vMz2/cyPkJJIPv1B9uDtEqQIeN9XmT7rH84n468pqf0dYn9YpklQUtwo6Ffi/dbxk6KmnPxeSJcPCHU+LhmwaPg0Z7mnvoRvSbp3aA/Q3CAzlPio/UJ7DTjHmpbvu9hsDXWmkmfHJl7wePDc95cCoGcDIbN+eD+aHoDGHvwqE2faxnGouLhPozMGplqNG4s/HQC5t+13OVKk9eqloAorw08u6o67eEifzk2P1o5io7HzbpXASKcawJV00uyITuSoKW7LMlyYdaggoC5doVv8GQbVyzD4L0FM8sSJFt0MyK/vSUdjKSg5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EN8krexv1poTyvZPh5B9O1H+DA4+VmQRS/FX/gIOWQw=; b=wlOfh/dMQrz+qN1t+/3Md/b14vEG68u7aqN0l6RS8kGVcVD7+g+s0tNyoczRKMvevQdKxCAlT8WuCEnEd+OU33/vIjKeFK5hrSdEgSkv+L4PaHF07/rCgWQoc8Nj8GBFp0DFNLX9odZD0cLXy6Lmwzl9OnNKzhJX+1RkHlKG03tUBoWjyzlYVbusvKsrd/Qn8HcQ23dRWvpk1K8UAFTAPsw+MbRNWDbk9NIdVDloyASdlbLAqkN2xJsLIOQgcx1KjylFL81jcq2aHFP6689CQnoYfH2dg2TU+QOYI3D0OIDHdgQ/k3q9VwoNgoR9PqMTdihEH4szvIx7t41XFusnoA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Eliot Lear <lear@lear.ch>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]
Thread-Index: AQHXifP4lFjmp2qTnEmKsxlDo3oh/6tkqeUAgABVIAD//8EqAA==
Date: Thu, 05 Aug 2021 15:07:15 +0000
Message-ID: <E1DA8A39-746D-4A21-B21B-5FF071933A69@ll.mit.edu>
References: <87czr0ww0d.fsf@fifthhorseman.net> <FF939B28-528B-47F9-9C0C-6585D1B02FBE@vigilsec.com> <87mtq3ukk0.fsf@fifthhorseman.net> <CAErg=HHQMZ1jk+bVxA=MzVvW+9ucie7bu-N6O8Asnp0V8Rf9Bg@mail.gmail.com> <30546.1627850836@localhost> <CAErg=HHKL-E5yT0UnPKcLfMQU41iDg7GGgjsSXs3eRg8daJRkg@mail.gmail.com> <87wnp347iu.fsf@fifthhorseman.net> <1388.1627996026@localhost> <87pmuu42hf.fsf@fifthhorseman.net> <20862.1628113377@localhost> <656985A5-BED4-4BA8-9233-B3C93966016C@ll.mit.edu> <877dh03x35.fsf@fifthhorseman.net> <E3BE69E5-937B-4A61-B193-9405AFAF9B2D@ll.mit.edu> <974dd485-a6c2-e19f-92c8-68d75b5c3b28@lear.ch>
In-Reply-To: <974dd485-a6c2-e19f-92c8-68d75b5c3b28@lear.ch>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.50.21061301
authentication-results: lear.ch; dkim=none (message not signed) header.d=none;lear.ch; dmarc=none action=none header.from=ll.mit.edu;
x-originating-ip: [129.55.200.20]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 05769b66-7ad1-47a7-7370-08d95822b659
x-ms-traffictypediagnostic: CY1P110MB0165:
x-microsoft-antispam-prvs: <CY1P110MB0165B6A029C727B093A23F6C90F29@CY1P110MB0165.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: em7toRtxBYtMFJ54u3biFU5zbZYinF2CY7xKO/T2+IogklO8DPetu4oXa+qa9K3eUBBqQCvpQNj4ZwNquPrAIE4NWoiCHSe0HJhRLVb0YuCGdedhh3aoDVzMU6rtDlTWiWTglXK1M1BrOi7vk3YYdFAkQCP+xJtV93cCrMntIOZwxJG4T8XCKb8m/jd8NJ+vu58KW1fUvPnF8ol7q2Yxw6yha56WtUv0n4jhgYYqD8Hz8DPetfS+PKHLQ8PYzd6aknS1JwwcwleyfS4/13odKD1Bp8xqmKAYD10whsYdugqz6enMY+wGuk/IDkdTbxSr3TBP7wHzd7A9Rfd9II7W/46dfrX8t85AGuwr7passDg4bJNHBaG2TaQrqkRv+e3rMKq6hkWZ99pVuOLS/8pXIO+4ZXaEeJHVgTEKZLlZI3OHTqsxhRSGUPvvsNAwHZCJpxsVus+J96OXGSn7yyQF05ye9AYBZexgSoplmerX64QN/DiLlM1zzw3aYT4uAwWvd7NYpRfUjAz7uxx2k8wJar+ej1v8gaJivzPexsbJPlZyr2gb95KgScNMPX1F8xy10fXnB5UdVq0yeF6dLjgPfoQYWk3iROYXXVUvsJtcBzWbVb22czZcjAh9dytNNpiHAUlDRFfFqDkROWo7UNuS+tWSDtQOpSkE9rUWYn3jkyLX9asyhxb5Nlg0WzluWzYtQk7bQ7qML1RRLoyA96FDgWqhzmp75Tmid2PP6xGk9C+FQpGkSIr/0+St461yMKdXqUqMkbT+BC/IwTahIoEwBw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CY1P110MB0677.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(396003)(136003)(39850400004)(346002)(376002)(966005)(186003)(86362001)(26005)(38100700002)(478600001)(2906002)(6512007)(166002)(71200400001)(316002)(38070700005)(110136005)(2616005)(64756008)(76116006)(8936002)(75432002)(33656002)(83380400001)(5660300002)(6506007)(66616009)(66946007)(99936003)(6486002)(8676002)(122000001)(66556008)(66446008)(53546011)(66476007)(85893002)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: nh4gnyHqZo+Zm3DHXxxcwxP9ioscYL48rRYnvyHEATAW62Emfm35DGFVAyUjvyVXXpZG5PBGuR7gr2xdnIxYVPBnB0JBcM1OsKTPZzq5XIVwdmjVbf0obctQ1kTLMFhaSqBRQmqhWsCQGJbTzHszjW90dO8MeTgwE4R09g5Wc7GjYGDczuXE9sA3h086mk/d560hGcZxJ/HFwwdLH9W6zTlNM2WclFvBdVkiUmU0ZCZc0dxTg6C1Q1dshTYhcyLug8icohyiVQCdBnfmG92kI7H4qOcis/Uy+uTyeGvncIiZyPpEnJcc5kJg/owx9UKAbHwhM/IM1rdYMoby2194jOqjKWXZT2OUxbhLKqYRPfX42TrKrpcxLggbQdkhuTuSnCx3lmJwLQoBQsokoaqn40fYgkq7IgC0XE2pl22VveP+ceAHkwFtTD6zC3WK0t/N7hHCFQKQmNpkQ1UYpMDLw/DFG/QG6uEStzszHMwwNn+m3TlEtXvMe0tC0GkFEWhwMQjUKfeKexWF/XCbTyeF07l3u036VZF7uES+Zwiep9b+rm13lTLYOeVwrtzNzGJi0MpGhA93dvetCrlTl2plld77fc6jO+/6FmdaVErxY3UQff3ASJihm9FTlFYLlHC7EYPGTeMCEE2rc5LleUcesZ4311PDHjExfO4mKCtvUKtSQ6Qhd79677XN7afOZjlvJevUQqr5E3x3UViUoiOXWw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3711006434_1139793522"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CY1P110MB0677.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 05769b66-7ad1-47a7-7370-08d95822b659
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Aug 2021 15:07:15.9444 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1P110MB0165
X-OriginatorOrg: ll.mit.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-05_05:2021-08-05, 2021-08-05 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=912 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2103310000 definitions=main-2108050092
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/rFIbu6fjQMbWQtrea8AuVj17OAg>
Subject: Re: [lamps] On the need for standardization of software-based interoperable private keys [was: Re: draft-ietf-lamps-samples: PKCS12 expertise needed (including objects for comparison)]
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Aug 2021 15:07:30 -0000
I REALLY hope not. Are we REALLY struggling with that point? Since in this discussion people repeatedly call PKCS#12 a “protocol”, I think that we do. On 05.08.21 15:47, Blumenthal, Uri - 0553 - MITLL wrote: Am I the only one who thinks there's a difference between protocols and data formats? -- Regards, Uri There are two ways to design a system. One is to make is so simple there are obviously no deficiencies. The other is to make it so complex there are no obvious deficiencies. - C. A. R. Hoare On 8/5/21, 08:18, "Spasm on behalf of Daniel Kahn Gillmor" <spasm-bounces@ietf.org on behalf of dkg@fifthhorseman.net> wrote: On 8/4/21, 17:44, Michael Richardson wrote: > I would be happy if pkcs12 just died. On Wed 2021-08-04 22:28:17 +0000, Blumenthal, Uri - 0553 - MITLL wrote: > - PKCS#12 cannot "just die" because there's a ton of software that cannot import private keys, unless they're in .p12 or such. > - I concur that interoperation for private keys is nonsense. I think i understand the sentiment about wanting PKCS#12 to die, given what a disaster the implementations are and how poorly we collectively understand the format. However, i don't understand how interoperation for private keys is nonsense. Many people with e-mail accounts use multiple mail user agents to access the same account (e.g. one MUA on their phone, another on a laptop). If those accounts are supposed to be able to use end-to-end secure communication then at least one of them needs to be able to export its private key material and the other needs to be able to import it. For myself, I only use a single MUA. So my personal workflow would be entirely satisfied if we as a standards body were to declare that there is no interop need for private keys. But if we want to ensure that end-to-end cryptographic protections are usable and secure for actual e-mail users, then we need to figure out the interop issues for private key material, even if each e-mail user only encounters this interop scenario once, as they provision their second MUA. The only way I understand S/MIME to work today is for all the MUAs attached to a given e-mail account to have access to the same private keys, at the very least for those private keys used for message decryption. Assuming that we want people to be able to read their encrypted e-mail in any MUA in which they read e-mail, the other two usable architectural alternatives i see are: a) private keys are only ever stored on a hardware token which moves between devices with the user. b) different MUAs use different private keys for decryption, and the sender of an e2e encrypted e-mail encrypts each message to *all* the encryption-capable certificates it knows about for the user. (a) still requires us to standardize private key interop, though it's more of the PKCS#11-style than PKCS#12. And it requires work on hardware interfaces too. (b) is a major systems change, requiring MUAs to change what certificates they advertise for the user (each MUA *must* learn about the other MUAs attached to the account and advertise the corresponding encryption certificates as well), and all senders to adjust behavior by sending messages encrypted to multiple keys per recipient. Compared to either of these, standardizing software-based private key interop seems like an easy lift. I sympathize with the grumbling about it, but I'd hope that the experts in the IETF LAMPS WG can at least come to a consensus that there is value in standardizing interop for decryption-capable private keys. --dkg _______________________________________________ Spasm mailing list Spasm@ietf.org https://www.ietf.org/mailman/listinfo/spasm
- [lamps] draft-ietf-lamps-samples: PKCS12 expertis… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Russ Housley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Salz, Rich
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Russ Housley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Michael Richardson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Deb Cooley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Tomas Gustavsson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… David Woodhouse
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Dmitry Belyavsky
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Michael Richardson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Michael Richardson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- [lamps] On the need for standardization of softwa… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Stephen Farrell
- Re: [lamps] On the need for standardization of so… Tomas Gustavsson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Dmitry Belyavsky
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Dmitry Belyavsky
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] On the need for standardization of so… Eliot Lear
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] On the need for standardization of so… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Salz, Rich
- Re: [lamps] On the need for standardization of so… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Bernie Hoeneisen
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Ryan Sleevi
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] On the need for standardization of so… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- [lamps] Transferring cryptographic information in… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Dmitry Belyavsky
- Re: [lamps] On the need for standardization of so… David Woodhouse
- Re: [lamps] On the need for standardization of so… David Woodhouse
- Re: [lamps] On the need for standardization of so… Stephen Farrell
- Re: [lamps] On the need for standardization of so… Ryan Sleevi
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] Transferring cryptographic informatio… Michael Richardson
- Re: [lamps] On the need for standardization of so… Dmitry Belyavsky
- Re: [lamps] On the need for standardization of so… Michael Richardson
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Ryan Sleevi
- Re: [lamps] On the need for standardization of so… Jonathan Hammell
- Re: [lamps] On the need for standardization of so… Russ Housley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Russ Housley
- Re: [lamps] draft-ietf-lamps-samples: PKCS12 expe… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Daniel Kahn Gillmor
- Re: [lamps] On the need for standardization of so… Russ Housley
- Re: [lamps] On the need for standardization of so… Deb Cooley
- Re: [lamps] On the need for standardization of so… Carl Wallace
- Re: [lamps] On the need for standardization of so… Deb Cooley
- Re: [lamps] On the need for standardization of so… Russ Housley
- Re: [lamps] On the need for standardization of so… Dmitry Belyavsky
- [lamps] advertising multiple S/MIME encryption-ca… Daniel Kahn Gillmor