Re: A different way to do key signing parties.

On Mon, Apr 1, 2019 at 10:33 PM Michael Richardson <mcr+ietf@xxxxxxxxxxxx> wrote:

Phillip Hallam-Baker <hallam@xxxxxxxxx> wrote:
    > Now imagine that this personal PKI is designed so that my personal root
    > key need never expire. Or at least not until I do. So now let's take a
    > fingerprint of that key. And let's imagine that I provide that
    > fingerprint to the IETF during registration ‘somehow’ (add encryption
    > to taste).

Do we need to involve the IETF secretariat, or can we do this some other
indirect way?  I can put any text on my badge that I like.

Not necessarily. 

I think it very important that I can paint a 'zero-effort' scenario that could be realized with minimal impact on the conference organizers. But as far as IETF roll out goes, it doesn't need to be perfect on day one. It is not a typical audience; people are likely to use a scheme in the hope of a future version one day being viable.


    > So now my app is saying ‘do you want to pick up your IETF badge’ or
    > whatever and I click yes and that causes the app to post my Mesh
    > fingerprint to a URI indicated in the document and that causes the desk
    > to get a note to look for phill’s badge and also tells my conference
    > scheduling app to load the IETF material. [Quite possibly customized to
    > include my Directorate etc. private events]

That's interesting.

There is more info on the scheme here:

As always, there are multiple ideas, but one of the more interesting ones is Encrypted Authenticated Resource Locators. Here is an example:


This is simply a domain name with an encryption key bodged on the end. Assume that we present this as a QR code and you scan it. The URI is now handed off to the UDF application.

To resolve this URI we take the fingerprint of the key and present it at twice the precision of the key:

MAQJ-VVJB-TKX5-BNL6-7WPI-UEU4-QJVZ-GV2C-XUOJ-5QHC-YGBS-BKE7-76U3-RHNU

Now add the domain and DNS Web Service Discovery for the mmm-udf scheme and we get:
https://example.com/.well-known/mmm-udf/MAQJ-VVJB-TKX5-BNL6-7WPI-UEU4-QJVZ-GV2C-XUOJ-5QHC-YGBS-BKE7-76U3-RHNU 

The target data is encrypted under the key ED3O-CIJB-...

So here we have a scheme that provides us with a means of resolving a compact QR code to securely return a data object of any size.

We can use the QR code as a lightweight bearer token. Many business processes are driven by movement of paper documentation for good reason - the charts move round with the patient for example.

The basic scheme is 100% symmetric. So we could make it Quantum Cryptanalysis Resistant by expanding the key from 140 bits to 240 or so.


    > Now imagine we have been doing this sort of thing for five years. At
    > this point, we have a pretty solid binding of identity. It is not
    > perfect but it has a very very high work factor and if the attacker
    > hasn’t planned the attack in advance, they kinda need a time machine.

Someone who has attended 15 IETF meetings (3*5) is probably whomever their
badge says, regardless of who the government says they are ;-)

Precisely. The only concern is that if we then publish the data we need to make note of the fact that no credentials were checked so that people don't carelessly depend on it for authentication the way that people now carelessly depend on domain validated certs for TLS transactions requiring accountability as Tom mentioned.

This is obvious if the name is something like "Psychotic Wizard". Less obvious if the name John Smith is used.

We can delegate the job of writing up processes for checking credentials to CABForum. I don't think we need the credentials to be validated according to process but we probably would for a professional or academic conference. We would want to be able to use this for registering Continuing Education Credits.

Let us imagine that we wanted to create a Wikipedia-like scheme for an academic specialty. We would face many of the problems we face in IETF: we want to be open but not so open a wrecker can break the process. The scientists don't want to end up debating flat earthers or paid climate change denial trolls. A rule where you get to vote in the appeals process if you have checked in at three conferences in the past five years becomes useful.

--
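
The resolution step described in the message above, sketched as an added example that is not part of the original message and is not Mesh or UDF project code. It shows a client turning a domain and a 140-bit key into the 280-bit locator URL so that only the fingerprint, never the key, reaches the server. Assumptions: SHA-512 as the digest, a leading type byte of 96, hashing the key's text form, no DNS service discovery step, and a constructed sample key.

```python
import base64
import hashlib
import re

# Assumptions (not from the message): SHA-512 as the digest, a leading type
# byte of 96 so the text form starts with "M" like the fingerprint shown in
# the message, and hashing the key's canonical text instead of its binary form.
TYPE_BYTE = 96
KEY_RE = re.compile(r"^[A-Z2-7]{4}(?:-[A-Z2-7]{4})+$")
HOST_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SAMPLE_KEY = "EAQC-AIBA-EAQC-AIBA-EAQC-AIBA-EAQC"  # constructed, not from the message


def key_bits(key: str) -> int:
    """Bits carried by a Base32 string written in dash-separated groups."""
    return 5 * len(key.replace("-", ""))


def locator_for(key: str) -> str:
    """Fingerprint of the key at twice the key's precision, in groups of 4."""
    key = key.strip().upper()
    if not KEY_RE.fullmatch(key):
        raise ValueError("key is not dash-grouped Base32")
    want_bits = 2 * key_bits(key)
    if want_bits // 8 - 1 > hashlib.sha512().digest_size:
        raise ValueError("key too long for a SHA-512 based locator")
    digest = hashlib.sha512(key.replace("-", "").encode("ascii")).digest()
    raw = bytes([TYPE_BYTE]) + digest[: want_bits // 8 - 1]
    text = base64.b32encode(raw).decode("ascii")
    return "-".join(text[i:i + 4] for i in range(0, len(text), 4))


def resolution_url(domain: str, key: str) -> str:
    """URL of the encrypted object; the key itself stays on the client."""
    domain = domain.strip().lower()
    if not HOST_RE.fullmatch(domain):
        raise ValueError("not a plain DNS host name")
    return f"https://{domain}/.well-known/mmm-udf/{locator_for(key)}"


if __name__ == "__main__":
    print(resolution_url("example.com", SAMPLE_KEY))
```

The strict host name and key checks matter because both values arrive from a scanned QR code and are pasted into a URL.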
