Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist proposal
"Erik Andersen" <era@x500.eu> Fri, 18 July 2014 12:46 UTC
Return-Path: <era@x500.eu>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CCCE1A0AF0 for <wpkops@ietfa.amsl.com>; Fri, 18 Jul 2014 05:46:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.89
X-Spam-Level:
X-Spam-Status: No, score=-0.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DK=1.009, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ecIEb9vWgj3H for <wpkops@ietfa.amsl.com>; Fri, 18 Jul 2014 05:46:48 -0700 (PDT)
Received: from mail04.dandomain.dk (mail04.dandomain.dk [194.150.112.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 018D71A0645 for <wpkops@ietf.org>; Fri, 18 Jul 2014 05:46:47 -0700 (PDT)
Received: from Morten ([62.44.135.162]) by mail04.dandomain.dk (DanDomain Mailserver) with ASMTP id 4201407181446433131; Fri, 18 Jul 2014 14:46:43 +0200
From: Erik Andersen <era@x500.eu>
To: trutkowski@netmagic.com, tony@yaanatech.com, stephen.farrell@cs.tcd.ie
References: <000b01cfa1bc$b6872ef0$23958cd0$@x500.eu> <53C85314.3040102@yaanatech.com> <003301cfa26b$039c77a0$0ad566e0$@x500.eu> <53C90EC4.1070006@netmagic.com>
In-Reply-To: <53C90EC4.1070006@netmagic.com>
Date: Fri, 18 Jul 2014 14:46:42 +0200
Message-ID: <002501cfa286$53ffbca0$fbff35e0$@x500.eu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0026_01CFA297.178A6160"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQFen6BH0OQwBY9AWxzuVVIZFItMGQHZLJJdArd3qkcCry54RZxNx9AA
Content-Language: da
Archived-At: http://mailarchive.ietf.org/arch/msg/wpkops/C8JN-kx5-ss29Lqo3B9CpECl0B0
Cc: pkix@ietf.org, Directory list <x500standard@freelists.org>, wpkops@ietf.org, 'SG17-Q11' <T13sg17q11@lists.itu.int>
Subject: Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist proposal
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jul 2014 12:46:50 -0000
Hi Tony, I have no intention to submit a contribution without the permission from the Danish ministry. I would be killed. Before I can submit it, it has to be approved by two different Danish authorities. The agreement is that I first distribute it among experts to get any constructive comments that could improve the proposal before getting it through the approval process within Denmark. One use case is as follows: An electrical substation (e.g. transformation) has many interconnected entities. One of these entities is the contact to the outside world. If something happens within the substation, the situation has to be detected, commands have to be sent to other entities that that have to process the command and react to the commands. All this must happens within 10 ms. False commands would be disastrous in this environment, so authentication is necessary, but there is no time to validate a long certification path, to consult OCSP, etc. It is an environment very different from a browser environment and old solutions do not work here. Kind regards, Erik Fra: Tony Rutkowski [mailto:trutkowski@netmagic.com] Sendt: 18. juli 2014 14:11 Til: Erik Andersen; tony@yaanatech.com; stephen.farrell@cs.tcd.ie Cc: pkix@ietf.org; wpkops@ietf.org; SG17-Q11 Emne: Re: [T17Q11] SV: [pkix] X.509 whitelist proposal Hi Erik, You have been participating long enough in the ITU-T to know that it is an intergovernmental body, and one cannot simply create a contribution using a Member nation's name - even if you are a citizen - because you don't like the "red tape." It is the Danish Administration - the Ministry of Business and Growth - that gets to make submissions for Denmark, not you. Denmark ten years ago reduced its ITU financial contribution by more than a half, and has not submitted a document into the ITU-T since at least 2001. It thus seems unlikely this will occur. You now say that "the proposal has been submitted to that group [IEC TC57 WG15} for comments," whereas your previous message said it "has requested the inclusion of whitelist support in X.509." I don't mean to be harsh or difficult here, but your proposal is far reaching with profound effects on X.509/PKI communities and implementations. This material also appears to be your own personal proposal with no other apparent support. You should be proceeding to get reactions and support from others on your ideas before attributing them to a Member State or using your position as Q11/17 rapporteur to advance them. --tony On 2014-07-18 5:31 AM, Erik Andersen wrote: There is some pressure by the major electricity company (http://energinet.dk/EN/Sider/default.aspx) to make me the Danish Member representative in ITU-T SG17. It takes a lot of red tape. I am also active in IEC TC57 WG15. As I mentioned, the proposal has been submitted to that group for comments.
- [wpkops] X.509 whitelist proposal Tony Rutkowski
- Re: [wpkops] [pkix] X.509 whitelist proposal Erik Andersen
- Re: [wpkops] X.509 whitelist proposal Stephen Farrell
- Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist … Tony Rutkowski
- Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist … Erik Andersen
- Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist … Phillip Hallam-Baker
- Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist … Erik Andersen
- Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist … Tony Rutkowski
- Re: [wpkops] [pkix] [T17Q11] SV: X.509 whitelist … Erwann Abalea
- Re: [wpkops] [x500standard] Re: SV: [T17Q11] SV: … Erik Andersen
- Re: [wpkops] [x500standard] Re: SV: [T17Q11] SV: … Tony Rutkowski
- Re: [wpkops] [pkix] [T17Q11] SV: X.509 whitelist … Erik Andersen
- Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist … Massimiliano Pala
- Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist … Erik Andersen
- Re: [wpkops] [T17Q11] SV: [pkix] X.509 whitelist … Olivier Dubuisson
- Re: [wpkops] [pkix] X.509 whitelist proposal Sill, Alan
- Re: [wpkops] [pkix] X.509 whitelist proposal Erik Andersen
- Re: [wpkops] [pkix] X.509 whitelist proposal Sill, Alan