[therightkey] Basically, it's about keeping the CAs honest

Nico Williams <nico@cryptonector.com> Mon, 13 February 2012 01:39 UTC

Whether we pursue auditable CAs / notaries, Convergence, HSTS, user
authentication that can do channel binding -- all these options are
about keeping the CAs honest by making it too likely that MITMing CAs
(whether compromised or by business plan) will get detected.  Someone
made a comment about elegance.  I'm not sure that anything other than
making CAs auditable is elegant, but I don't think elegance is really
what we're after (though elegance is always nice).  I think we're
after a PKI where MITMing is not likely to pay off except in
relatively rare circumstances (e.g., when a new device is
bootstrapping itself), so rare that it isn't worth trying to MITM even
in those very few cases.

That would make me like PKI.

Nico
--