On Mon, Apr 12, 2021 at 12:48:28PM -0400, Phillip Hallam-Baker wrote: > On Mon, Apr 12, 2021 at 12:10 PM Nico Williams <nico@xxxxxxxxxxxxxxxx> > wrote: > > "No magnification DDoS please" > > Oh, I have that built into the key exchange phase. Sure. We've talked about this before. The DNS data model can't really change, but the protocol can. We're already seeing the protocol change with DoT and DoH. > > If you have a low level IoT device, you are probably better off doing > > > path math properly in one trusted device in your network than relying > > > on whatever embedded code is running in your toaster. > > > > Absolutely. There is a trade-off to make. Low-power && low-value RPs > > should prefer stapling, or even a local caching recursive resolver to do > > all the lookups and signature verification too. > > If I was still doing PKIX, my long term plan would be to get rid of OCSP > and move to short lived certs created using thresholded techniques. But I > am not and nobody is paying me to think about that world any more. Forget the details of x.509/PKIX/ASN.1 and all of that. A lot of the concepts remain the same. PKIX, for all its warts, got some things right that must not get lost in the shuffle. First of all, naming must be "typed" (I don't mean structured, but that you have to know if "name@domain" is an email address or a Kerberos principal name). Second, you need to be able name more than one name. Third (really, first), name constraints! And so on. Ultimately, certificates need to be signed big bags of extensions, and in a post-PKIX world those things should all be strings. Nico --
