Re: [lamps] Potential Topics for LAMPS Recharter
Tim Hollebeek <tim.hollebeek@digicert.com> Mon, 02 April 2018 17:37 UTC
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: LAMPS <spasm@ietf.org>, Russ Housley <housley@vigilsec.com>
Date: Mon, 02 Apr 2018 17:36:57 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/sWPt4Pqn1FklPzjUsUbrrhiRePg>

I agree with Phil. We need something small in the short term (LAMPS is fine for that), and something well-baked in the longer term. As I said in London, I think we will eventually need a QuiRKI working group.

-Tim

I agree that PKIX became a problem. But a large part of the problem was that PKIX became a brand in the industry and so implementing 'all of' PKIX became an issue.

I don't see SUIT as a good fit. First, I don't think we are ready to use these sigs for software signing, I think we would be using them for authenticating roots of trust to be used in extremis.

To go beyond that narrow remit openeth up a very large problem space. We would have to go through the whole issue of how to bootstrap QR crypto applications. I do not think we need to go any further at this stage than to convince ourselves that we tell people to create sufficient signing capacity to support the ability to bootstrap.

The way I would like to containerize the problem is:

LAMPS: Itsy bitsy extension to certificate signing certs to embed QR signature bootstrap
IRTF: Propose QRKI (Quantum Resistant Key Infrastructure) and bootstrap (a five year mission)