ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Agenda, security, and monitoring

2014-02-03 09:13:13
from [John C Klensin] [Permanent Link] 


--On Monday, February 03, 2014 09:05 -0500 Theodore Ts'o
<tytso(_at_)mit(_dot_)edu> wrote:


On Sun, Feb 02, 2014 at 06:44:58PM -0600, Pete Resnick wrote:

I agree that authentication is irrelevant in this context. But
that's leads me to agree with Dave on a central point (hence
the little I-D we've been banging on and submitted to the
STRINT folks): The problem with PGP and S/MIME is that they
require authentication in order to start using encryption,
and since authentication is both irrelevant to this *and* a
pain to do...


We should be a bit careful about our terms here.  If we don't
care about authentication at all, one solution is to just do
hop-by-hop diffie hellman (or TLS with completely unchecked
certificates). That's actually pretty easy, and it's not a bad
...
As a specific example, if all you want to do is make sure that
someone really controls the e-mail address named in the PGP
key identity, then you could do an web-automated version of
"CAFF" (Certifying Authority Fire and Forget)[1].

[1] http://manpages.ubuntu.com/manpages/hardy/man1/caff.1.html

So imagine a web service, running on tools.ietf.org, (a) which
makes someone prove that they have control over a specified
e-mail address, by mailing them a URL with a one-time code
embedded in it, then (b) asks them to upload a PGP key, and
then (c) it sends back to that e-mail address their PGP key
signed with a registry key --- but the signature is encrypted
so only someone with the private key of the PGP key can
decrypt it.  This basically proves that the submitting entity
has control over both the e-mail address and the private key
of the PGP key that they are requesting be certified.

If this is being done via https, and you trust that the CA for
ietf.org is doing a competent job, and *all* CA's and sub-CA's
trusted by your browser are doing a competent job, then this
will basically do what you want, and it doesn't require people
to show up at a PGP signing party.  The user experience
becomes that which is needed when you sign up for a Google, or
Yahoo, or any other web site which demands that you prove that
you have a valid e-mail address.


Right.  Very weak authentication of individual identity but,
given the above assumptions, decent-or-better authentication of
ownership of keys, addresses, and identity-persistence.  Whether
that is good enough depends on one's concerns and attack
scenarios -- for the IETF list, I'd imagine almost no one would
care.  And, of course, the requirement of competence by "*all*
CA's and sub-CA's trusted by your browser" doesn't pass a laugh
test these days unless one is paranoid and geeky enough to edit
browser CA lists down to those one actually has reason to trust.

That is why I think it is worthwhile to tease out what we really
want and need, not say blanket things like "no authentication
needed" as Pete's note seemed to.

     john
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Email header randon(?) changes, Glen
Next by Date:  Re: Agenda, security, and monitoring, Stephen Kent
Previous by Thread:  Re: Agenda, security, and monitoring, Phillip Hallam-Baker
Next by Thread:  Re: Agenda, security, and monitoring, Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]