ietf-openpgp

Re: [openpgp] rfc3880bis - hard expiration time

2015-05-05 12:08:05
On Tue, 2015-05-05 at 11:24 -0400, Phillip Hallam-Baker wrote: 
I am pretty sure that Diffie, Rivest et al. have been using the term
'key' to refer to a public key, a private key or a symmetric key and
nothing else since the mid 70s.
I don't think they are the standards body defining which words to use
for what.


Where we are now is that we have two PKIs that don't talk to each
other. That means we can't use keys from the PGP system with TLS
rfc6091

 and
we can't use keys from the PKIX system with PGP message formats. And
both cause problems.
Why? I don't see any need why e.g. OpenPGP should be compatible with it.
Actually I'm quite happy it's not.


I would really like to be able to use some sort of client side public
key based authentication with HTTPS web sites. That means using keys
that are in the user space. Do we really want to insist on the user
having to maintain two separate sets of keys for the different
protocols?
I don't think you or anyone else here will solve the fundamental
problems of "web crypto" (i.e. TLS and X.509),... nor will we be able to
make the world take over OpenPGP for it.

And again you seem to mix in completely unrelated topics here.
Please focus.


If you want to call a key packet a PGPKey, fine. But we are working in
a standards organization here and one of the things that requires us
to do is to ensure that our nomenclature is consistent across the
organization.
It's important that the nomenclature is consistent within the
standard/documents we produce... but apart from that it's probably
impossible to reach that goal.
"Key" alone can have many colloquial meanings,.. public key, private
key, the key material, the pair of public/private key, the key material
+metadata, + the UID.



Key fingerprints are useful for far more than just email.

I am just working on setting up a Web Service that is distributed across
a set of hosts. Now obviously for external purposes, those hosts are
going to acquire WebPKI certificates. But how do I authenticate the
host to either the CA or LRA?

The simplest solution is to use a public key pair. Let's say the
fingerprint of the public key is:

MGM2D-SNZRG-A4GGO-BQMM4-DQMRU-GBTDI

Let's also say that there is some TPM capability on the platform so
that I can store the private key on the platform in such a fashion
that I can issue instructions to make use of the key with the above
identifier but can't extract it from the machine without electron
microscope type effort.


So each host has a config file that looks something like:

{"Service" : "Confirmation",
 "HostKey" : "MGM2D-SNZRG-A4GGO-BQMM4-DQMRU-GBTDI",
 "Domain" : "example.com",
 "CA" : {"dns" : "acme.example.com",
     "root" : "SJE2U-OVCFK-JBVIS-S2JZD-EKURS-IJDVE"}}

And the ACME LRA server would have a config file containing a line
something like:

{"Hosts" : [
   "MGM2D-SNZRG-A4GGO-BQMM4-DQMRU-GBTDI",
   "MI5GT-ERCTJ-ZNFER-2BGRD-UOT2C-KFGU2-NCEKF",
   "MGVEV-KHIJK-EISK2-JJJU2-SSSIR-FU4SS-RJBBF",
   "MERCP-JZKEE-R2NGN-KE6WS-KKVGV-CWKUI"] }

The combination of these techniques allows me to address one of the
biggest headaches in TLS admin which is how to authenticate a host
before it has a certificate. By far the biggest reason for bad certs
is that admins lose control of their private keys. Automating the
process allows me to go to short lived certs (24 hour rollover).
What has all this to do with our discussions here? At least I can't see
anything, apart from that I feel the need to comment that any rollover
techniques are IMHO security-wise stupid.

Let's focus on concrete questions about OpenPGP.


Cheers,
Chris.
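
The enrollment check described in the quoted message (an LRA that accepts a host by public key fingerprint before the host has any certificate), as an added example that is not code from either poster. Assumptions: Ed25519 host keys, a fingerprint defined here as SHA-256 truncated to 150 bits and rendered as six Base32 groups (the message does not say how its fingerprints are derived), and the hypothetical names Fingerprint, LRA and Authenticate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// Fingerprint renders a public key as six dash-separated groups of five
// Base32 characters. ASSUMPTION: SHA-256 truncated to 150 bits.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	enc := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(sum[:])[:30]
	groups := make([]string, 0, 6)
	for i := 0; i < len(enc); i += 5 {
		groups = append(groups, enc[i:i+5])
	}
	return strings.Join(groups, "-")
}

// LRA holds the enrolled host fingerprints (the "Hosts" list in the message).
type LRA struct{ Hosts map[string]bool }

// Authenticate accepts a host only if its key is enrolled and it signed the
// LRA's fresh nonce, proving possession of the private key.
func (l LRA) Authenticate(pub ed25519.PublicKey, nonce, sig []byte) error {
	if len(pub) != ed25519.PublicKeySize { // Verify panics on a wrong-size key
		return errors.New("malformed public key")
	}
	if !l.Hosts[Fingerprint(pub)] {
		return errors.New("host key not enrolled")
	}
	if !ed25519.Verify(pub, nonce, sig) {
		return errors.New("bad signature over nonce")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed sample host key
	lra := LRA{Hosts: map[string]bool{Fingerprint(pub): true}}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	fmt.Println(Fingerprint(pub), lra.Authenticate(pub, nonce, ed25519.Sign(priv, nonce)))
}
```

The fingerprint match alone proves nothing, since public keys are not secret; the signature over a nonce the LRA chose is what ties the request to the holder of the private key.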
