Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition

Phillip Hallam-Baker <hallam@gmail.com> Fri, 05 August 2011 16:10 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02EC221F8BEF for <woes@ietfa.amsl.com>; Fri, 5 Aug 2011 09:10:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.475
X-Spam-Level:
X-Spam-Status: No, score=-3.475 tagged_above=-999 required=5 tests=[AWL=0.123, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6kDehs4U0Jb8 for <woes@ietfa.amsl.com>; Fri, 5 Aug 2011 09:10:14 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id 7976F21F8BB7 for <woes@ietf.org>; Fri, 5 Aug 2011 09:10:13 -0700 (PDT)
Received: by yxp4 with SMTP id 4so2127839yxp.31 for <woes@ietf.org>; Fri, 05 Aug 2011 09:10:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=z8fBlC+xerzEpwNeJPUrjrPLNvfGsiZHDxpjD7uK3m4=; b=dELU6eHKFxLZ0VQ439xdLUdC8EGbedawVdwYsYl4WYeCModkW9TN7e/h5F/Wv1nb7H GdZBXLIGGPOS7bs572QSTEaa5YPa8EN6h+Rx5biR6t0bSgACXKMBi+fybUpDXBazoJQq 9YY/46e/1lF+5lIBPL3RnESK2vBmQFBnBgzXA=
MIME-Version: 1.0
Received: by 10.100.254.3 with SMTP id b3mr2099711ani.116.1312560613578; Fri, 05 Aug 2011 09:10:13 -0700 (PDT)
Received: by 10.100.34.3 with HTTP; Fri, 5 Aug 2011 09:10:13 -0700 (PDT)
In-Reply-To: <4E3BE575.4070707@mnt.se>
References: <b9332337-4efa-4355-93a9-7866a5506bb5@default> <CA60EB18.D5CF%joe.hildebrand@webex.com> <CAMm+LwggXXryGuk7gxovPi2FyOpx2UoEc_b0nYGJV=PJ=WXUWw@mail.gmail.com> <4E3BE575.4070707@mnt.se>
Date: Fri, 5 Aug 2011 12:10:13 -0400
Message-ID: <CAMm+LwimeaziBZPXSBq1Pvexw_YsFm+U22izQ1XYMFU=vgxFFg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Leif Johansson <leifj@mnt.se>
Content-Type: multipart/alternative; boundary=00163691ff511e573e04a9c455d2
Cc: woes@ietf.org
Subject: Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2011 16:10:15 -0000

On Fri, Aug 5, 2011 at 8:43 AM, Leif Johansson <leifj@mnt.se> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 08/05/2011 02:11 PM, Phillip Hallam-Baker wrote:
> > Support for naked keys is useful.
> >
> > Lack of support for certificates where needed would be unacceptable and
> > render the format unsuited for many of the applications we need it for.
> >
> > Certificates are pretty simple to deal with. The problems that they are
> used
> > to address are not simple.
>
> I also think you need both. Sometimes you need to use a key for both
> signing and TLS for instance.
>
> >
> > Whatever you thought of the 'Trust Router' proposal made at last IETF, it
> is
> > certainly no simpler than the PKI based approach and that is before they
> > have put it in operation and found the operational requirements.
>
> I don't think that proposal is targeted for anything that comes even
> remotely close to signed objects. Lets not go there.


Which is exactly what I am arguing for.

If the group decided it is 'only' going to do raw key it would inevitably
end up going there because the problems are going to take it there.

The way to avoid going there is to build on the infrastructure already
designed to go there and let people hook into that infrastructure where it
is useful.


Otherwise we are like the office that decides not to build a loading dock
because handling deliveries of office supplies requires too much manual
effort. If you need the office supplies you are going to be dealing with the
deliveries.

-- 
Website: http://hallambaker.com/