On 20/07/2024 11:23, David Benjamin wrote:
> On Sat, Jul 20, 2024, 06:13 Mike Shaver <[email protected]> wrote:
>> In what way are these non-web systems not allowed to use other PKI
>> models today? How would trust anchors provide that permission?
>
> If the same server serves both embedded/IoT traffic and web browser
> traffic, but we aim for the two to use different PKIs, the server
> needs to arrange to serve different certificates to each. To do that,
> we need a trust anchor negotiation story.

I'm not sure you're talking about the same systems as Mike.

We've seen a number of recent incidents where CAs have delayed
revocation of mis-issued certificates for 'critical' services that are
not accessible on the public web [1]. The vast majority of these
services could already migrate to a private PKI today but they simply
don't have adequate incentives to make the small investment necessary.
How would Trust Expressions or Trust Anchors change that?

Even for the tiny fraction of IoT services that have the misfortune to
be on the public web and also popular with browsers, I don't understand
why you think Trust Anchor Negotiation is a competitive solution.

The operator can choose at any time to start migrating their IoT devices
to a new URL which is not shared with browser clients and uses a private
PKI. This has the same outcome as T.E. / T.A., without needing to ship a
new TLS library to the IoT devices. How would you sell an investment in
deploying and operating Trust Anchors or Trust Expressions to these
companies?

I feel a lot of the conversation on the benefits of these proposals is
being derailed by the large number of use cases you're jumping between.
It might be very productive to take Rich's suggestion on focusing on
one or two key problems that you want to solve and invest some time in
explaining how your proposals handle the critical aspects around
adoption. Some key questions would be: Who are we asking to deploy these
designs? What is the incentive for them to do the necessary work?

This doesn't mean you have to abandon the other use cases, but I think
one or two well-explained use cases covering the key details would be
much more persuasive to the WG than the current barrage of 9 or 10 use
cases which leave more questions than they answer [2].

Best,
Dennis

[1] e.g. Entrust and Chunghwa Telecom
[2] See also my previous comments
https://github.com/dennisjackson/trust-negotiation-comments/blob/main/comments-on-usecases.md
_______________________________________________
TLS mailing list -- [email protected]