Re: [therightkey] Basically, it's about keeping the CAs honest

Phillip Hallam-Baker <hallam@gmail.com> Tue, 14 February 2012 01:00 UTC

From: Phillip Hallam-Baker <hallam@gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: therightkey@ietf.org, mrex@sap.com, Kyle Hamilton <aerowolf@gmail.com>

Before quoting end to end I strongly suggest that you actually read
the Clark paper because it probably does not say what you think it
does. The argument is actually about complexity and strategies for
addressing it.

The end-to-end security model is bunk when it comes to PKI because the
end points of every communication are either people or corporations
and neither can do big number modular arithmetic without some form of
computer support.


So there will always be at least three hops in your model:

Alice <-> Computer  <-> Computer <-> Bob

This really matters a heck of a lot when you start to consider real
world issues like usability.





On Mon, Feb 13, 2012 at 7:28 PM, Nico Williams <nico@cryptonector.com> wrote:
> On Mon, Feb 13, 2012 at 5:08 PM, Kyle Hamilton <aerowolf@gmail.com> wrote:
>> I think the existing mandate that everything be authenticated and tunneled
>> end-to-end only hurts the IETF.  We need to develop systems within models
>
> If it's not end-to-end it's hop-by-hop or worse: no security.  So you
> think hop-by-hop is better than end-to-end?  Yes, there are systems
> where only hop-by-hop security works, but generally we should prefer
> end-to-end.  If you have a good argument for !end-to-end I'm all ears.
>
> Perhaps you don't like trusted third parties.  But end-to-end doesn't
> imply trusted third parties.  Internet scale security has required
> trusted third parties to date, but it's not because of the end-to-end
> architecture.  (Or perhaps I completely misunderstood you.)
>
> Nico



-- 
Website: http://hallambaker.com/