Re: [therightkey] Barely-capable CAs

Phillip Hallam-Baker <hallam@gmail.com> Thu, 01 November 2012 17:22 UTC

In-Reply-To: <alpine.BSF.2.00.1211010935330.60568@hiroshima.bogus.com>
References: <7500672F-5BDE-4EBE-ABC3-1AFEF2972D95@vpnc.org> <CABrd9SRa9Ye9gkjpaQ+PqQyay9NKJB__dkDwOBwPHvw16dkTRg@mail.gmail.com> <544B0DD62A64C1448B2DA253C0114146069D3FBAE8@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CAOuvq22PMSq2sAmUBfJcWu6LhEdCA3jKteu38m4UuHbykp7xZw@mail.gmail.com> <544B0DD62A64C1448B2DA253C0114146069D5FC685@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <6DD8CB4F-1233-403D-A27E-F3F80310390F@vpnc.org> <544B0DD62A64C1448B2DA253C0114146069D5FC79B@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <508A48C5.9070005@comodo.com> <544B0DD62A64C1448B2DA253C0114146069D76E5FC@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CABrd9STHtw__Wm30Z5T27mx8PMb-mScCSa-EZVDdeQvy_Rru1Q@mail.gmail.com> <544B0DD62A64C1448B2DA253C0114146069F66F830@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CABrd9SSJWm_8BY9uN4D6=LmogwkNeLMZtJaOX2MQU1QuCHJwyg@mail.gmail.com> <80A8F0DC-C894-4299-AEC7-12B84A803E84@vpnc.org> <CAMm+Lwh2Qhv8eHtmy=KisShdJiLYe=ziyfezQELqqfu8y9H5qg@mail.gmail.com> <alpine.BSF.2.00.1211010935330.60568@hiroshima.bogus.com>
Date: Thu, 01 Nov 2012 13:22:35 -0400
Message-ID: <CAMm+LwjQiJ3aWpAYdy1hxtf09Sf=4g9AO=r-PihSPVkc8PMLkg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Lucy Lynch <llynch@civil-tongue.net>
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [therightkey] Barely-capable CAs

From my perspective it is much cheaper for me to build a tool that does the
job right and give it to you than to follow the usual approach of yet more
poorly designed and documented stuff that might work or might not.

Having worked in Web security over 20 years now, I have still to see a case
where a system was breached because of a really subtle design flaw. Every
security issue I have seen has been really simple once it has been
identified and isolated.

Computer systems are hard to run and harder to secure because of the volume
of complexity rather than the degree of complexity. Each individual step is
trivial in itself but the cumulative effect is very large. I am sitting
next to the print edition of the Oxford English Dictionary which is 20
volumes of dense print. It is something like 200Mb in total. That was the
pinnacle of achievement of Victorian research taking several decades and
thousands of authors. Modern operating systems and applications are much
larger. And because we design and build them in the wrong way it only takes
one mistake for them to fail.

One way that real world sysops defend themselves against complexity is to
refuse to learn anything that is new.


Judging the deployability of a protocol change based on whether IETF
participants are able to do so and willing to invest the necessary effort
skews the sample badly. If it were left to us we would have been using IPv6
for over a decade already.



On Thu, Nov 1, 2012 at 12:38 PM, Lucy Lynch <llynch@civil-tongue.net> wrote:

> On Thu, 1 Nov 2012, Phillip Hallam-Baker wrote:
>
>> This is about barely capable sysadmins.
>
> I'm a barely capable sysadmin and the steps Ben outlined seem both
> reasonable and do-able to me. I also like the option to build it into the
> server where smart hands can build it into the default options for
> configuration -
>
> - Lucy
>
>> Different problem.
>>
>> On Thu, Nov 1, 2012 at 11:14 AM, Paul Hoffman <paul.hoffman@vpnc.org>
>> wrote:
>>
>>> On Nov 1, 2012, at 2:10 AM, Ben Laurie <benl@google.com> wrote:
>>>
>>>> It's only software. The process of participating in CT for a server
>>>> operator is:
>>>>
>>>> 1. Run command line tool once, giving it your certificate as input and
>>>> an SCT file as output.
>>>>
>>>> 2. Add one line of configuration to your server config.
>>>>
>>>> Not exactly rocket science. If people _really_ find it hard, we could
>>>> build it into the servers so there was no manual step at all.
>>>
>>> As someone who has to trust every CA in the root pile in my browsers and
>>> OSs, I find it frightening that a CA who can say "this is your bank's
>>> certificate" cannot handle new requirements for how to say that. If
>>> adopting a simple protocol like this causes an ossified CA too many
>>> problems, maybe I don't trust that CA to be able to issue certificates
>>> for my bank, much less to be able to know which certificates that they
>>> are actually issuing.
>>>
>>> --Paul Hoffman
>>> _______________________________________________
>>> therightkey mailing list
>>> therightkey@ietf.org
>>> https://www.ietf.org/mailman/listinfo/therightkey
>


-- 
Website: http://hallambaker.com/
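Ben's two steps in the quoted thread amount to: obtain an SCT for the certificate from a log, then configure the server to send it (RFC 6962 later fixed the wire format and the TLS extension for this). As an added example, not code from the thread, from the CT project or from any of the posters, here is a small Python script a server operator could run over the SCT file before wiring it into the server config. It assumes the RFC 6962 v1 SCT encoding, parses the structure, rebuilds the bytes the log actually signed (so the signature can be checked against the log's public key with any ECDSA library), does the checks that need no cryptography, and shows how the SCT is wrapped for the TLS extension. The log ID, timestamp and signature bytes in the demo are constructed values, not real log output.

```python
"""Parse and sanity-check an RFC 6962 v1 Signed Certificate Timestamp (SCT).

Added example (not code from the thread or from the CT project). It assumes
the RFC 6962 v1 wire format; all sample values used below are constructed.
"""
import struct
import time

SCT_VERSION_V1 = 0                         # Version.v1
SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP = 0   # SignatureType.certificate_timestamp
LOG_ENTRY_TYPE_X509 = 0                    # LogEntryType.x509_entry
HASH_ALGORITHM_SHA256 = 4                  # TLS HashAlgorithm.sha256
SIGNATURE_ALGORITHM_ECDSA = 3              # TLS SignatureAlgorithm.ecdsa


def encode_sct(log_id, timestamp_ms, signature, extensions=b""):
    """Serialise an SCT in the RFC 6962 layout (used here to build test input)."""
    if len(log_id) != 32:
        raise ValueError("log_id must be the 32-byte SHA-256 of the log key")
    return (bytes([SCT_VERSION_V1]) + log_id
            + struct.pack(">Q", timestamp_ms)
            + struct.pack(">H", len(extensions)) + extensions
            + bytes([HASH_ALGORITHM_SHA256, SIGNATURE_ALGORITHM_ECDSA])
            + struct.pack(">H", len(signature)) + signature)


def parse_sct(blob):
    """Decode one serialised SCT into a dict; raise ValueError on malformed input."""
    if len(blob) < 43:                     # version + log_id + timestamp + ext length
        raise ValueError("SCT too short")
    if blob[0] != SCT_VERSION_V1:
        raise ValueError("unsupported SCT version %d" % blob[0])
    log_id = blob[1:33]
    (timestamp_ms,) = struct.unpack(">Q", blob[33:41])
    (ext_len,) = struct.unpack(">H", blob[41:43])
    pos = 43
    extensions = blob[pos:pos + ext_len]
    if len(extensions) != ext_len:
        raise ValueError("truncated extensions")
    pos += ext_len
    if len(blob) < pos + 4:
        raise ValueError("truncated signature header")
    hash_alg, sig_alg = blob[pos], blob[pos + 1]
    (sig_len,) = struct.unpack(">H", blob[pos + 2:pos + 4])
    pos += 4
    signature = blob[pos:pos + sig_len]
    if len(signature) != sig_len:
        raise ValueError("truncated signature")
    if pos + sig_len != len(blob):
        raise ValueError("trailing bytes after SCT")
    return {"version": SCT_VERSION_V1, "log_id": log_id,
            "timestamp_ms": timestamp_ms, "extensions": extensions,
            "hash_alg": hash_alg, "sig_alg": sig_alg, "signature": signature}


def signed_data_for_x509(sct, leaf_cert_der):
    """Rebuild the digitally-signed struct the log signed for an x509_entry.

    Verify sct["signature"] over these bytes with the log's ECDSA public key
    (SHA-256); that step is left to a crypto library.
    """
    return (bytes([sct["version"], SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP])
            + struct.pack(">Q", sct["timestamp_ms"])
            + struct.pack(">H", LOG_ENTRY_TYPE_X509)
            + len(leaf_cert_der).to_bytes(3, "big") + leaf_cert_der  # ASN.1Cert<1..2^24-1>
            + struct.pack(">H", len(sct["extensions"])) + sct["extensions"])


def sanity_check(sct, expected_log_id, now_ms=None):
    """Checks that need no crypto; returns a list of problems (empty means OK)."""
    problems = []
    if sct["log_id"] != expected_log_id:
        problems.append("log_id does not match the log the certificate was submitted to")
    if (sct["hash_alg"], sct["sig_alg"]) != (HASH_ALGORITHM_SHA256, SIGNATURE_ALGORITHM_ECDSA):
        problems.append("unexpected signature algorithm pair")
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    if sct["timestamp_ms"] > now_ms:
        problems.append("timestamp is in the future")
    if not sct["signature"]:
        problems.append("empty signature")
    return problems


def tls_extension_payload(scts):
    """Wrap serialised SCTs as a SignedCertificateTimestampList, the body of the
    signed_certificate_timestamp TLS extension the server sends once configured."""
    body = b"".join(struct.pack(">H", len(s)) + s for s in scts)
    return struct.pack(">H", len(body)) + body


if __name__ == "__main__":
    # Constructed demo: a fake log ID, a timestamp and a dummy (not valid) signature.
    demo_log_id = bytes(range(32))
    demo_sct = encode_sct(demo_log_id, 1351790555871, b"\x30\x06\x02\x01\x01\x02\x01\x02")
    parsed = parse_sct(demo_sct)
    print("timestamp (ms):", parsed["timestamp_ms"])
    print("problems:", sanity_check(parsed, demo_log_id) or "none")
```

The parser rejects truncated and over-long input rather than silently accepting it, because an SCT file that does not round-trip cleanly is the first sign that the wrong file (or a mangled one) is about to be served to every client.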