IETF Logo Mail Archive

Re: [CFRG] Threshold Sig required - Random bit flip hits Cert Transparency Log

Jeff Burdges <burdges@gnunet.org> Thu, 08 July 2021 12:06 UTC

Return-Path: <burdges@gnunet.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C5453A12F5 for <cfrg@ietfa.amsl.com>; Thu, 8 Jul 2021 05:06:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JPm8Wu2YLfMD for <cfrg@ietfa.amsl.com>; Thu, 8 Jul 2021 05:06:33 -0700 (PDT)
Received: from mail-out2.informatik.tu-muenchen.de (mail-out2.in.tum.de [131.159.0.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5482F3A12F6 for <cfrg@irtf.org>; Thu, 8 Jul 2021 05:06:32 -0700 (PDT)
Received: from mailrelay1.rbg.tum.de (mailrelay1.in.tum.de [131.159.254.14]) by mail-out2.informatik.tu-muenchen.de (Postfix) with ESMTP id 5063024016D for <cfrg@irtf.org>; Thu, 8 Jul 2021 14:06:28 +0200 (CEST)
Received: by mailrelay1.rbg.tum.de (Postfix, from userid 112) id 4DFF0DD0; Thu, 8 Jul 2021 14:06:28 +0200 (CEST)
Received: from mailrelay1.rbg.tum.de (localhost [127.0.0.1]) by mailrelay1.rbg.tum.de (Postfix) with ESMTP id 0F9C3DD1 for <cfrg@irtf.org>; Thu, 8 Jul 2021 14:06:24 +0200 (CEST)
Received: from sam.net.in.tum.de (gnunet.in.tum.de [131.159.74.67]) by mailrelay1.rbg.tum.de (Postfix) with ESMTP id 0E650C7 for <cfrg@irtf.org>; Thu, 8 Jul 2021 14:06:24 +0200 (CEST)
Received: from [127.0.0.1] (sam.net.in.tum.de [IPv6:2001:4ca0:2001:42:225:90ff:fe6b:d60]) by sam.net.in.tum.de (Postfix) with ESMTP id C72DC1C006D for <cfrg@irtf.org>; Thu, 8 Jul 2021 14:09:23 +0200 (CEST)
From: Jeff Burdges <burdges@gnunet.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
Date: Thu, 08 Jul 2021 14:06:23 +0200
References: <CAMm+Lwjh29Eugv=HO-yL8fXW_xh7a=4vVgCKYWdRvGW9dU9o7A@mail.gmail.com> <CABrd9SSPcqdbsSwx=bOJdDeGwHwTKmnZcWR2Oi0jN06neEFvrA@mail.gmail.com>
To: IRTF CFRG <cfrg@irtf.org>
In-Reply-To: <CABrd9SSPcqdbsSwx=bOJdDeGwHwTKmnZcWR2Oi0jN06neEFvrA@mail.gmail.com>
Message-Id: <9306E035-8EFE-4E50-B9E2-AE7522317AA9@gnunet.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/UFacOUHhXbFPNHqsYaDjnmxN63w>
Subject: Re: [CFRG] Threshold Sig required - Random bit flip hits Cert Transparency Log
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jul 2021 12:06:38 -0000


> On 8 Jul 2021, at 12:37, Ben Laurie <benl=40google.com@dmarc.ietf.org> wrote:
> > The only robust solution to this issue is for redundant notaries to sign the log.
> 
> That's not true - the solution CT uses already is to have multiple redundant logs.

Yes.  Threshold signatures are not attributable, which makes them kinda useless for CT.  Also the logs have different Merkle roots, so they cannot really be unified cleanly anyways.

Threshold signatures only work for cryptocurrency because the clients accept the attribution problems.  

I’d assume threshold signatures “real” application would be TLS certificates and perhaps app signing in app stores.  It’s obviously better if these were attributable too, but this could be handled internally by the CA or whatever, assuming the standard discusses validating signature shares. 

Jeff

v2.23.0 | Report a Bug | By Email