IETF Logo Mail Archive

Re: [therightkey] Draft charter for a Transparency Working Group

Phillip Hallam-Baker <hallam@gmail.com> Thu, 12 December 2013 15:24 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F7D01AE2F9 for <therightkey@ietfa.amsl.com>; Thu, 12 Dec 2013 07:24:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_FREEMAIL_DOC_PDF=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id riRiYMCKhms4 for <therightkey@ietfa.amsl.com>; Thu, 12 Dec 2013 07:24:10 -0800 (PST)
Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) by ietfa.amsl.com (Postfix) with ESMTP id 30D8F1A1F61 for <therightkey@ietf.org>; Thu, 12 Dec 2013 07:24:09 -0800 (PST)
Received: by mail-wi0-f169.google.com with SMTP id hn6so917623wib.0 for <therightkey@ietf.org>; Thu, 12 Dec 2013 07:24:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=A1Qf3KhiG4+d/Efc3az35r+TOFFDbQeD7RENsuJN+jQ=; b=Vmgc0DZUJ5M82sVgg6ZLDBuuZyrVUsMJ5LjzM1FbxGvo6xqNb0f1sfs/0m0O7swB6z /bVzYz5+ZeJHhjwKLo7CjmsP1hEY5SrCPPWZggqboBHs5EhztkUoXzPSEW6iJIHsHiZ0 GYEVIcV+2rquwLYn1kfr0keo2v9eAcZvb1MSavytJuYJCezdexz6nM9OIAFl8+olfWjD VVqXorg96tUyqjamfRxLM3Gl/n1kQHbDgO12gQDk8fxP2qHyPYwAuHWGf6QWq8T4m1Dx yAeed0RfG3oRd6CJsyTxpHxGl9S/fQk7RcpajuaFfz0+s20ID4FvX4hVEM9wmc40zfkg Q/sA==
MIME-Version: 1.0
X-Received: by 10.194.94.167 with SMTP id dd7mr7123595wjb.43.1386861842696; Thu, 12 Dec 2013 07:24:02 -0800 (PST)
Received: by 10.194.243.136 with HTTP; Thu, 12 Dec 2013 07:24:02 -0800 (PST)
In-Reply-To: <CECF0556.29FC3%paul@marvell.com>
References: <CABrd9SSzGJy18tf_iR5jFNk-sJyX66OPhmM4H23K5X2ZpWniyQ@mail.gmail.com> <CECE51D6.29F5B%paul@marvell.com> <CABrd9SRwkxWYV9L1iWsyCqzMYKAcpoeSRh+kG6MMMzZC0y8siw@mail.gmail.com> <CECF0556.29FC3%paul@marvell.com>
Date: Thu, 12 Dec 2013 10:24:02 -0500
Message-ID: <CAMm+LwhUEpVSM-Lvtoh2KJoHSJonxhxWL-Qjc6fLgkWLQzB8Kw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "therightkey@ietf.org" <therightkey@ietf.org>
Content-Type: multipart/mixed; boundary="047d7bb03c467caf3804ed57ef22"
Subject: Re: [therightkey] Draft charter for a Transparency Working Group
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Dec 2013 15:24:14 -0000

On Thu, Dec 12, 2013 at 9:39 AM, Paul Lambert <paul@marvell.com> wrote:

>
>
> >>
> >> On 12/11/13, 8:55 AM, "Ben Laurie" <benl@google.com> wrote:
> >>
> >>>Who's in?
> >> Very cool concept Š very broad possible applications.
> >> Less interested in HTTPS/TLS, but many applications.
> >
> >Great - can you be more specific what interests you?
>
> 1) Basic logs and the ability to have assurance on time and order
> 2) Distributed authorization systems with an ability to demonstrate the
> existence
>    and ordering of authorization statements
> 3) Time stamps and time synchronization
> 4) Group membership / enrollment
> 5) 'key centric' identity (mappings using hashes of keys as identity)
> 6) Service description and discovery without central registration
>


I am very interested in 5, in fact my strong email addresses are really
just a convenient notation for key centric identity.

But there are two questions here:

1) What should we do?
2) What should we do in the transparency WG?


A draft of the paper I wrote for the IAB/W3C workshop is attached. It
describes the scheme I am currently writing code to support.

The part of the scheme described in the paper is what I consider
'plumbing'. I don't think that I have foreclosed any options by taking the
decisions I did. Most of the design is constrained by previous
specifications and by legacy infrastructure. The decision to use JSON to
encode the 'Prism Hardening Bit' is driven by fashion but I think that is a
good one in this case and I can support it with a use case that JSON meets
but not ASN.1.


But what I don't describe in the paper is the much bigger part of the
scheme that has to do with a next generation PKI model for individual users
built on a synthesis of the PKIX, PGP and CT models.

I could propose that as a WG item but I get the feeling that Stephen is
going to respond that it is research or it should be an experimental or
whatever.

I really want to fix end-to-end email security. But right now the problem
with end-to-end security is not a lack of trust in the key distribution
model. The problem that is killing deployment is that the products are too
difficult to use.

So even though I am building my alternative key distribution infrastructure
on the assumption that there is a CT like infrastructure in place, the
motivation for building that infrastructure is to solve a different problem.


Another area that I have considered and written code for but not yet
described is how to use key centric crypto to secure a Web service.

For example, let us say that we have some infrastructure that lets us
resolve either a hash alone or a hash plus a domain name to a blob of data
that is a policy signed under the corresponding key (a PHingerprint Blob,
fb was already taken).

I am currently using this mechanism to resolve strong email addresses:

<fingerprint>?alice@example.com

We can use just a Web server and the .well-known convention to resolve
(<fingerprint>, example.com) to a policy file.


But while I was writing the proxy I suddenly realized that even though my
email client lets me check the box that says 'use SSL', the client does not
actually check the certificate chain, nor does it let me install my own
root of trust to check the chain against. Which is a pretty big hole. So
what I would like to be able to do to configure my email client is to
specify the mail service connection in a form such as:

phb://example.com/_submit._tcp/<fingerprint>

The corresponding policy would then contain the port and service DNS name
data for connecting to the submit service at example.com.


We can further use this as a discovery mechanism for the phingerprint as
follows:

Let us assume that all the user tells the client is their email address (
alice@example.com) and the client is to work out everything else for
themselves. So the client knows that it wants to talk the SUBMIT protocol
(_submit._tcp) and it knows the domain (example.com). It can now form a
.well-known query for the phingerprint of the corresponding domain:

https://example.com/.well-known/phb/
http://example.com/.well-known/phb/


As a short term measure the user would have to enter a one-time passphrase
to provide initial authentication. But in the longer term this should be
replaced by an out of band confirmation service. When I buy a new device I
want to be able to configure it for use with all my applications through a
one time process in which I tell the device which account(s) to use and
then I get an out of band request for confirmation that this is what I want
to do on an already configured and trusted device.

-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email