--On Friday, September 06, 2013 19:50 -0800 Melinda Shore <melinda.shore@xxxxxxxxx> wrote: > On 9/6/13 7:45 PM, Scott Kitterman wrote: >> They have different problems, but are inherently less >> reliable than web of trust GPG signing. It doesn't scale >> well, but when done in a defined context for defined >> purposes it works quite well. With external CAs you never >> know what you get. > > Vast numbers of bits can be and have been spent on the problems > with PKI and on vulnerabilities around CAs (and the trust > model). I am not arguing that PKI is awesome. What I *am* > arguing is that the semantics of the trust assertions are > pretty well-understood and agreed-upon, which is not the case > with pgp. When someone signs someone else's pgp key you > really don't know why, what the relationship is, what they > thought they were attesting to, etc. I think you are both making more of a distinction than exists, modulo the scaling problem with web of trust and something the community has done to itself with CAs. The web of trust scaling issue is well-known and has been discussed repetitively. But the assumption about CAs has always been, more or less, that they can all be trusted equally and that one that couldn't be trusted would and could be held accountable. Things just haven't worked out that way with the net result that, as with PGP, it is hard to deduce "why, what the relationship is, what they thought they were attesting to", and so on. While those statements are in the certs or pointed to from them in many cases, there is the immediate second-level problem of whether those assertions can be trusted and what they mean. For example, if what a cert means is "passed some test for owning a domain name", it and DANE are, as far as I can tell, identical except for the details of the test ... and some are going to be a lot better for some domains and registrars than others. Assorted vendors have certainly made the situation worse by incorporating CA root certificates in systems based on business relationships (or worse) rather than on well-founded beliefs about trust. On the CA side, one of the things I think is needed is a rating system (or collection of them on a "pick the rating service you trust" basis) for CAs, with an obvious extension to PGP-ish key signers. In itself, that isn't a problem with which the IETF can help. Where I think the IETF and implementer communities have fallen down is in not providing a framework that would both encourage rating systems and tools and make them accessible to users. In our current environment, everything is binary in a world in which issues like trust in a certifier is scaled and multidimensional. As Joe pointed out, we don't use even what information is available in PGP levels of confidence and X.509 assertions about strength. In the real world, we trust people and institutions in different ways for different purposes -- I'll trust someone to work on my car, even the safety systems, whom I wouldn't trust to do my banking... and I wouldn't want my banker anywhere near my brakes. In both cases, I'm probably more interested in institutional roles and experience than I am in whether a key (or signature on paper) binds to a hard identity. In some cases, binding a key to persistence is more important than binding it to actual identity; in others, not. I trust my sister in most things, but wouldn't want her as a certifier because I know she don't have sufficient clues about managing keys. And the amount of authentication of identity I think I need differs with circumstances and uses too. We haven't designed the data structures and interfaces to make it feasible for a casual user to incorporate judgments --her own or those of someone she trusts -- to edit the CA lists that are handed to her, or a PGP keyring she has constructed, and assign conditions to them. Nor have we specified the interface support that would make it easy for a user to set up and get, e.g., warnings about low-quality certification (or keys linked to domains or registrars that are known to be sloppy or worse) when one is about to use them for some high-value purpose. We have web of trust and rating models (including PICS, which illustrates some of difficulties with these sorts of things) models for web pages and the like, but can't manage them for the keys and certs that are arguably more important. So, anyone ready to step up rather than just lamenting the state of the world? best, john