Re: [TLS] WG Adoption for TLS Trust Expressions

2024-05-05 Thread Dennis Jackson
Hi David, Devon, Bob, I feel much of your response talks past the issue that was raised at IETF 118. The question we're evaluating is NOT "If we were in a very unhappy world where governments controlled root certificates on client devices and used them for mass surveillance, does Trust

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-05-02 Thread David Benjamin
Hi Dennis, thanks for your feedback. First, you mention the issue of the possible requirement of key escrow; we don’t feel that trust expressions make this any more or less of a threat to the ecosystem. Were a government to require sites to escrow private keys, it would not matter who signed them

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Eric Rescorla
On Tue, Apr 30, 2024 at 4:30 PM Dennis Jackson wrote: > On 01/05/2024 00:07, Watson Ladd wrote: > > On Tue, Apr 30, 2024 at 3:26 PM Dennis > Jackson > wrote: > > > Let's assume for a moment we could a) get most of the world to use ACME (a > worthy but challenging goal) and b) get them to

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Dennis Jackson
On 01/05/2024 00:07, Watson Ladd wrote: On Tue, Apr 30, 2024 at 3:26 PM Dennis Jackson wrote: Let's assume for a moment we could a) get most of the world to use ACME (a worthy but challenging goal) and b) get them to configure multiple CAs and receive multiple certificates. We don't

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Watson Ladd
On Tue, Apr 30, 2024 at 3:26 PM Dennis Jackson wrote: > > Let's assume for a moment we could a) get most of the world to use ACME (a > worthy but challenging goal) and b) get them to configure multiple CAs and > receive multiple certificates. We don't need trust expressions to be able to >

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Dennis Jackson
On 30/04/2024 22:33, Brendan McMillion wrote: This doesn't apply in case we're distrusting a CA because it's failed. In 9.1 we're rotating keys. As I laid out in my initial mail, we can already sign the new root with the old root to enable rotation. There's no size impact to

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread David Benjamin
Hi all. Thanks for the discussion! While we're digesting it all, one quick comment regarding the feedback in Prague: From talking with folks at the meeting, it seemed part of this was due to a misunderstanding. Trust expressions are not intended to capture per-user customizations to root stores,

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Brendan McMillion
> > This doesn't apply in case we're distrusting a CA because it's failed. In > 9.1 we're rotating keys. As I laid out in my initial mail, we can already > sign the new root with the old root to enable rotation. There's no size > impact to up-to-date clients using intermediate suppression or

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Stephen Farrell
Hiya, Having read the draft and the recent emails, I fully agree with Dennis' criticisms of this approach. I think this is one that'd best be filed under "good try, but too many downsides" and left at that. Cheers, S. On 30/04/2024 00:20, Dennis Jackson wrote: When this work was presented at

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Eric Rescorla
On Tue, Apr 30, 2024 at 8:37 AM Dennis Jackson wrote: > As mentioned above, we have such an extension already insofar as > indicating support for Delegated Credentials means indicating a desire for > a very short credential lifetime and an acceptance of the clock skew risks. > I agree that DC

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Dennis Jackson
As mentioned above, we have such an extension already insofar as indicating support for Delegated Credentials means indicating a desire for a very short credential lifetime and an acceptance of the clock skew risks. Given how little use it's seen, I don't know that it's a good motivation for

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Dennis Jackson
On 30/04/2024 16:13, Brendan McMillion wrote: Of course this is possible in theory, there are no standards police, but this argument overlooks the gargantuan technical and economic costs of deploying this kind of private extension. You'd need to convince a diverse population of

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Eric Rescorla
On Tue, Apr 30, 2024 at 8:29 AM Watson Ladd wrote: > On Tue, Apr 30, 2024 at 8:25 AM Eric Rescorla wrote: > > > > > > On the narrow point of shorter lifetimes, I don't think the right way to > advertise that you have an accurate clock is to advertise that you support > some set of root

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Watson Ladd
On Tue, Apr 30, 2024 at 8:25 AM Eric Rescorla wrote: > > > On the narrow point of shorter lifetimes, I don't think the right way to > advertise that you have an accurate clock is to advertise that you support > some set of root certificates. > > If we want to say that, we should have an

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Eric Rescorla
On Tue, Apr 30, 2024 at 8:14 AM Brendan McMillion < brendanmcmill...@gmail.com> wrote: > Of course this is possible in theory, there are no standards police, but >> this argument overlooks the gargantuan technical and economic costs of >> deploying this kind of private extension. You'd need to

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Brendan McMillion
> > Of course this is possible in theory, there are no standards police, but > this argument overlooks the gargantuan technical and economic costs of > deploying this kind of private extension. You'd need to convince a diverse > population of implementers on both the client and server side to

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Loganaden Velvindron
On Tue, 30 Apr 2024 at 03:20, Dennis Jackson wrote: > > When this work was presented at IETF 118 in November, several participants > (including myself, Stephen Farrell and Nicola Tuveri) came to the mic to > highlight that this draft's mechanism comes with a serious potential for > abuse by

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Dennis Jackson
Hi Brendan, Bas, On 30/04/2024 05:17, Brendan McMillion wrote: It seems like, with or without this extension, the path is still the same: you'd need to force a browser to ship with a government-issued CA installed. Nothing about this makes that easier. It /is/ somewhat nice to already have a

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-30 Thread Bas Westerbaan
On Tue, Apr 30, 2024 at 6:17 AM Brendan McMillion < brendanmcmill...@gmail.com> wrote: > but you could just as easily do this with a simple extension from the > private range, so I'm not sure that was a big blocker. > No need for a new extension: a government can use a specific signature

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-29 Thread Brendan McMillion
Hi Dennis Admittedly, I'm not understanding how this extension enables government coercion. It seems like, with or without this extension, the path is still the same: you'd need to force a browser to ship with a government-issued CA installed. Nothing about this makes that easier. It /is/

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-29 Thread Dennis Jackson
Thanks, I am

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-29 Thread S Moonesamy
Hi Dennis, At 04:20 PM 29-04-2024, Dennis Jackson wrote: Thankfully these efforts have largely failed because these national CAs have no legitimate adoption or use cases. Very few website operators would voluntarily use certificates from a national root CA when it means shutting out the rest

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-29 Thread Dennis Jackson
When this work was presented at IETF 118 in November, several participants (including myself, Stephen Farrell and Nicola Tuveri) came to the mic to highlight that this draft's mechanism comes with a serious potential for abuse by governments (meeting minutes

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-26 Thread Watson Ladd
On Tue, Apr 23, 2024 at 1:39 PM Devon O'Brien wrote: > > After sharing our first draft of TLS Trust Expressions and several > discussions across a couple IETFs, we’d like to proceed with a call for > working group adoption of this draft. We are currently prototyping trust > expressions in

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-26 Thread Kyle Nekritz
Of Devon O'Brien Sent: Tuesday, April 23, 2024 4:37 PM To: tls@ietf.org Cc: Bob Beck Subject: [TLS] WG Adoption for TLS Trust Expressions After sharing our first draft of TLS Trust Expressions and several discussions across a couple IETFs, we’d like to proceed with a call for working group adoption

Re: [TLS] WG Adoption for TLS Trust Expressions

2024-04-24 Thread Ilari Liusvaara
On Tue, Apr 23, 2024 at 01:37:26PM -0700, Devon O'Brien wrote: > After sharing our first draft of TLS Trust Expressions > and > several discussions across a couple IETFs, we’d like to proceed with a > call for working group

[TLS] WG Adoption for TLS Trust Expressions

2024-04-23 Thread Devon O'Brien
After sharing our first draft of TLS Trust Expressions and several discussions across a couple IETFs, we’d like to proceed with a call for working group adoption of this draft. We are currently prototyping trust expressions in