I don't think there's any new argument to address, so I will just offer
pointers into where these issues are discussed in 'Trust is
non-negotiable'.

Section 3.3 [1] looks at how trust negotiation (as an abstract
mechanism) changes incentives to divergence for existing root programs,
as well as the consequences of enabling the deployment of new root
programs with divergent policies. Unfortunately, fragmentation is often
an insidious, gradual process that arises from many actors making
independent decisions that prioritize their own needs, in the absence of
any ecosystem forces strong enough to bring them together. It doesn't
have to be a goal that is pursued deliberately, although it can also be
(e.g. market differentiation or enshittification).

Separately, structural barriers to deployment of a new technology, which
impact certain constituencies much more than others, are a common cause
of ecosystem fragmentation. The specific design of TAI has serious
issues in this regard which are laid out in section 4.6 [2].

The argument that this fragmentation is possible with existing
mechanisms like certificate_authorities is evaluated at the end of
section 3.3 [3]. These extensions do not have any meaningful
existence in the wild for the purposes of server certificate negotiation
and it's running code that counts here. Further, for the same reasons
that the TAI authors identified these extensions as an unsatisfactory
solution for their needs, they are unsuitable for anyone else trying to
deploy trust negotiation at scale.

Finally, as is discussed throughout Section 3, I disagree there is any
security tradeoff at the heart of this issue. We've shipped many, many
improvements over the past 10+ years through the steady ratcheting of
root program policies. Instead, I believe barriers to further
improvements are predominantly found server-side, in the level of
investment that server operators (and to a lesser extent CAs) are
willing to make in terms of libraries, automation and tooling. Trust
negotiation does nothing to address these issues, which are largely
societal rather than technical.

Best,
Dennis

[1] https://datatracker.ietf.org/doc/html/draft-jackson-tls-trust-is-nonnegotiable#section-3.3
[2] https://datatracker.ietf.org/doc/html/draft-jackson-tls-trust-is-nonnegotiable#section-4.6
[3] https://datatracker.ietf.org/doc/html/draft-jackson-tls-trust-is-nonnegotiable#name-alternative-paths-to-abuse