<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>On 2/16/2020 9:15 AM, Phillip Hallam-Baker wrote:<br>
</p>
<blockquote type="cite"
cite="mid:CAMm+LwiHQU65J0kJYoF7Odzy-eqk5SB7dB7sqfrkKk2hvVnBRA@mail.gmail.com">
<div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">The WebPKI
design brief was very narrow, I know this because I wrote it
together with Michael Baum, Warwick Ford. The objective was to
make shopping online as safe for the customer as shopping in a
store. That is all. Confidentiality was not a primary concern,
that was a secondary concern necessitated by the fact that
credit card numbers are bearer tokens.</div>
<br>
</div>
<div>
<div class="gmail_default" style="font-size:small">The WebPKI
was designed as an accountability infrastructure. The goal
being to ensure that if a merchant did not deliver, there
would be consequences. The objective was never to prevent the
possibility of merchant fraud, it was to limit the rate to an
unprofitable level.</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">And the
system worked so well for the first decade, a lot of arrogant
sods decided they knew better and could start hacking parts
out arbitrarily. Like the revocation infrastructure. And then
folk decided that it was an all purpose confidentiality
infrastructure because that is the only type of security they
can understand.</div>
</div>
</blockquote>
<p><br>
</p>
<p>That's exactly how the organic growth of the Internet works. A
specification is put up with a narrow scope and demonstrates that
it works well in that scope. Since it works well, it gets adopted
widely and the scope of application exceeds the initial design. At
which point additional work happens until the new version meets
the extended scope. Repeat. This is true for pretty much every
standard including TCP itself, which went from working on kilobit
links in the 70's to multi Gigabit links now, and in the process
acquired a bunch of features like congestion control, selective
acknowledgements, time stamps, wide windows and many more. It is
obviously true of SSL and then TLS. And it is also true of the
certificate infrastructure, with stuff like CT grafted on top of
PKI. Experience shows that standards developed that way are really
hard to replace. You would think that a shiny new feature will
ensure replacement of the old crummy stuff by the new one, but
generally the answer is just to add a slightly less shiny
replacement feature to that old stuff.</p>
<p>Unless you are Google or the Chinese Communist Party, of course.
Google has managed to develop an alternative to TCP with Quic, and
they could do that because the Chrome browser and the various
Google services have a huge market share. Even so, the transition
has been going on since 2013, and we might finally get a standard
this summer. It takes time. The Chinese Communist Party is trying
something similar with their "New IP" initiative, aiming at
replacing the current Internet standard by one in which the
identity of every user could be verified and their activities
observed from within the network. They may succeed because in the
process they invested huge diplomatic efforts to get votes in the
ITU, and built a pretty solid industrial base with Huawei, and
they plan to work on it until 2030. But if you are not one of the
mega corporate powers or one of the dominant nation states, your
odds of success are much lower.</p>
<p>-- Christian Huitema<br>
</p>
<p><br>
</p>
</body>
</html>