>
> I mean, is there a cryptographic reason for it?
No.
> (However, absent cryptographic reasons, this all is way premature.)
>
Indeed. We like to have a concrete proposal, but thinking through these
details is premature at this point.
[snip] What that in effect does
> is to make it much
On Mon, Jun 5, 2023 at 12:42 PM David Benjamin
wrote:
>
> It’s true that this would require code changes in more components. But
> TLS, ACME, etc., are deployed many more times than they are implemented.
>
... [snip] ...
>
> To ACME specifically, we definitely don’t want it to be painful for
On Tue, Jun 06, 2023 at 01:28:17PM +0200, Bas Westerbaan wrote:
> > > Thanks! That’s indeed inconsistent, we’ll fix it.
> > > https://github.com/davidben/merkle-tree-certs/issues/32
> >
> > Hmm... Looking at that construct, why is the pad there?
>
>
> We pad to the hash block size. When
> > Thanks! That’s indeed inconsistent, we’ll fix it.
> > https://github.com/davidben/merkle-tree-certs/issues/32
>
> Hmm... Looking at that construct, why is the pad there?
We pad to the hash block size. When computing the full Merkle tree, or
verifying an authentication path, the values before
On Mon, Jun 05, 2023 at 03:35:17PM -0400, David Benjamin wrote:
> Thanks for such detailed feedback! Responses inline.
>
> On Wed, Mar 22, 2023 at 12:49 PM Ilari Liusvaara
> wrote:
>
> > Some quick comments / ideas:
> >
> > - I think it would be easier for subscribers to get inclusion proofs
>
On Wed, Mar 22, 2023 at 11:22 AM Ilari Liusvaara
wrote:
> On Wed, Mar 22, 2023 at 01:54:22PM +0100, Bas Westerbaan wrote:
> > >
> > > Unpopular pages are much more likely to deploy a solution that
> > > doesn't require a parallel CA infrastructure and a cryptographer
> > > on staff.
>
> I don't
Thanks for such detailed feedback! Responses inline.
On Wed, Mar 22, 2023 at 12:49 PM Ilari Liusvaara
wrote:
> Some quick comments / ideas:
>
> - I think it would be easier for subscribers to get inclusion proofs
> from transparency service than certificate authority.
>
> This is because
On Tue, Mar 14, 2023 at 1:47 PM Watson Ladd wrote:
> Come embrace the temptations of the Sea-SIDH!
>
> Intermediate certs are rarely used, so that would achieve 204 byte sig
> on intermediate+ 64 byte intermediate key + 204 byte sig of EE cert
> since the signing time doesn't matter. Then with
Hi all,
Sorry for the late reply on all these, and thanks for the feedback so far!
I lost track of this thread as I was putting together slides for IETF 116
and whatnot. I’ll reply to various outstanding emails individually...
On Sat, Mar 11, 2023 at 2:43 PM Stephen Farrell
wrote:
>
> Hiya,
>
ached info.
-Original Message-
From: Hubert Kario
Sent: Wednesday, March 22, 2023 8:46 AM
To: David Benjamin
Cc: Kampanakis, Panos ;
; Devon O'Brien
Subject: RE: [EXTERNAL][TLS] Merkle Tree Certificates
CAUTION: This email originated from outside of the
organization. Do not c
-Original Message-
From: Hubert Kario
Sent: Wednesday, March 22, 2023 8:46 AM
To: David Benjamin
Cc: Kampanakis, Panos ; ; Devon
O'Brien
Subject: RE: [EXTERNAL][TLS] Merkle Tree Certificates
CAUTION: This email originated from outside of the organization. Do not click
links or ope
On Fri, Mar 10, 2023 at 05:09:10PM -0500, David Benjamin wrote:
>
> I've just uploaded a draft, below, describing several ideas we've
> been mulling over regarding certificates in TLS. This is a draft-00
> with a lot of moving parts, so think of it as the first pass at
> some of ideas that we
On Wed, Mar 22, 2023 at 01:54:22PM +0100, Bas Westerbaan wrote:
> >
> > Unpopular pages are much more likely to deploy a solution that
> > doesn't require a parallel CA infrastructure and a cryptographer
> > on staff.
I don't think the server-side deployment difficulties with this have
anything
>
> Unpopular pages are much more likely to deploy a solution that doesn't
> require
> a parallel CA infrastructure and a cryptographer on staff.
>
CAs, TLS libraries, certbot, and browsers would need to make changes, but I
think we can deploy this without webservers or relying parties having to
On Tuesday, 21 March 2023 17:06:54 CET, David Benjamin wrote:
On Tue, Mar 21, 2023 at 8:01 AM Hubert Kario wrote:
On Monday, 20 March 2023 19:54:24 CET, David Benjamin wrote:
I don't think flattening is the right way to look at it. See my
other reply for a discussion about flattening, and
it then you no longer need to establish trust.
From: David Benjamin
Sent: Monday, March 20, 2023 2:43 PM
To: Kampanakis, Panos
Cc: ; Devon O'Brien
Subject: RE: [EXTERNAL][TLS] Merkle Tree Certificates
CAUTION: This email originated from outside of the organization. Do not click
links or open
e CA". The way I see it, this construction flattens
> > the PKI structure, and issuing CA's are trusted now instead of a
> > more limited set of roots. This change is not trivial in my
> > eyes, but the end goal is similar, to shrink the amount of auth
> > data.
> >
> &g
in my
eyes, but the end goal is similar, to shrink the amount of auth
data.
-Original Message-
From: TLS On Behalf Of Hubert Kario
Sent: Monday, March 13, 2023 11:08 AM
To: David Benjamin
Cc: ; Devon O'Brien
Subject: RE: [EXTERNAL][TLS] Merkle Tree Certificates
CAUTION: This
imilar, to shrink the amount of auth data.
>
>
>
> -Original Message-
> From: TLS On Behalf Of Hubert Kario
> Sent: Monday, March 13, 2023 11:08 AM
> To: David Benjamin
> Cc: ; Devon O'Brien
> Subject: RE: [EXTERNAL][TLS] Merkle Tree Certificates
>
> CAUTIO
. So we are saving 2 PQ sig minus
> the small tree structure size . Am I misunderstanding the premise here?
>
>
>
>
>
>
>
> *From:* TLS *On Behalf Of * David Benjamin
> *Sent:* Friday, March 10, 2023 5:09 PM
> *To:*
> *Cc:* Devon O'Brien
> *Subject:* [EXTE
Come embrace the temptations of the Sea-SIDH!
Intermediate certs are rarely used, so that would achieve 204 byte sig
on intermediate+ 64 byte intermediate key + 204 byte sig of EE cert
since the signing time doesn't matter. Then with SCT and OCSP, it's
204 bytes each.
As for the actual
f a more limited set of roots. This change is not
trivial in my eyes, but the end goal is similar, to shrink the amount of auth
data.
-Original Message-
From: TLS On Behalf Of Hubert Kario
Sent: Monday, March 13, 2023 11:08 AM
To: David Benjamin
Cc: ; Devon O'Brien
Subject: RE: [E
, March 10, 2023 5:09 PM
To:
Cc: Devon O'Brien
Subject: [EXTERNAL] [TLS] Merkle Tree Certificates
CAUTION: This email originated from outside of the organization. Do not click
links or open attachments unless you can confirm the sender and know the
content is safe.
Hi all,
I've just uploaded
Why not rfc7924?
On Friday, 10 March 2023 23:09:10 CET, David Benjamin wrote:
Hi all,
I've just uploaded a draft, below, describing several ideas
we've been mulling over regarding certificates in TLS. This is a
draft-00 with a lot of moving parts, so think of it as the first
pass at some of
Hiya,
I had a read and think this is a great topic for
discussion.
A few points:
- I think we'd benefit from trying to think through
the dynamics of this, e.g. how many of each entity
might we see and how'd that differ from the current
web PKI and possibly affect the web? (It's fine that
that
Hi all,
I've just uploaded a draft, below, describing several ideas we've been
mulling over regarding certificates in TLS. This is a draft-00 with a lot
of moving parts, so think of it as the first pass at some of ideas that we
think fit well together, rather than a concrete, fully-baked system.
26 matches
Mail list logo