Re: [therightkey] LC comments on draft-laurie-pki-sunlight-05

Phillip Hallam-Baker <hallam@gmail.com> Sun, 17 February 2013 00:24 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D289221F8A5F; Sat, 16 Feb 2013 16:24:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.432
X-Spam-Level:
X-Spam-Status: No, score=-2.432 tagged_above=-999 required=5 tests=[AWL=0.167, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eOS4jC-u36Oh; Sat, 16 Feb 2013 16:24:11 -0800 (PST)
Received: from mail-wg0-x22a.google.com (wg-in-x022a.1e100.net [IPv6:2a00:1450:400c:c00::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 5789621F8A47; Sat, 16 Feb 2013 16:24:11 -0800 (PST)
Received: by mail-wg0-f42.google.com with SMTP id 12so1829677wgh.1 for <multiple recipients>; Sat, 16 Feb 2013 16:24:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=dlrDbfKfWzX5knvTWSzHzoA6mXW4/R+O0DoN5rHbXlU=; b=o+GGFf2Nx6JqQ7CQ5222fIz6YujfKAIub8mdtW5YAx4OX7QH3ge8kKfgSe4G6VqLvV j/1EM2ikHXWQ7loCdFXs9sAQiIhz3BrepshNnD4LlxayX6Zqez6OLjeqFN2dzGmV6Koq tU3DrS8MBONYzy9sbgselqBRewB6A3KMA26zA5dYa1kpWHBmgAat27xJ16pscCF/7XqA JUYhB0lS3jQgaj0/JYXZ6Fk9/Madm8rRueHZwKe/RJNiL5lKVusOcsnyG1WgqnJRJTI+ ItA2Xv23Hw6ftXX0OwN4W+QfYwj7C4PKKyYrODN0kHvq3f1eEtlGOxXYj9VfWwOv9egI kdoA==
MIME-Version: 1.0
X-Received: by 10.194.156.170 with SMTP id wf10mr11499066wjb.25.1361060650309; Sat, 16 Feb 2013 16:24:10 -0800 (PST)
Received: by 10.194.176.169 with HTTP; Sat, 16 Feb 2013 16:24:09 -0800 (PST)
In-Reply-To: <CABrd9SS7as7S3vz2AEOJQruCF7aJRSVGjaG6awV9YWyuQaadWQ@mail.gmail.com>
References: <CABrd9SQMAGtOTcWVaUfxRE9SZS2dZVhUa3WbJVk8or_LxH6i1w@mail.gmail.com> <CAMm+LwiCQXq9ZLMGtVQMsS8MN9HRDtjg2DqTk9B8S6A7Q38J8w@mail.gmail.com> <CABrd9SS7as7S3vz2AEOJQruCF7aJRSVGjaG6awV9YWyuQaadWQ@mail.gmail.com>
Date: Sat, 16 Feb 2013 19:24:09 -0500
Message-ID: <CAMm+LwjM6w1jdZj8Z9bmBjUJ0VQMaZdGHMG4EupRtMxuDb=12w@mail.gmail.com>
Subject: Re: [therightkey] LC comments on draft-laurie-pki-sunlight-05
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Ben Laurie <benl@google.com>
Content-Type: multipart/alternative; boundary="089e012280fc94596804d5e0a0a0"
Cc: Emilia Kasper <ekasper@google.com>, "therightkey@ietf.org" <therightkey@ietf.org>, Adam Langley <agl@google.com>, IETF Discussion List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Feb 2013 00:24:12 -0000

On Sat, Feb 16, 2013 at 1:55 PM, Ben Laurie <benl@google.com> wrote:

> On 16 February 2013 10:22, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> > Sorry for the delay but I have been thinking of CT and in particular the
> > issues of
> >
> > * Latency for the CA waiting for a notary server to respond
> > * Business models for notary servers
> >
> > As a rule open source software works really well as the marginal cost of
> > production is zero. Open source services tend to sux because even though
> the
> > marginal cost of a service is negligible, large numbers times negligible
> > adds up to big numbers. Running a DNS server for a university department
> > costs very little, running it for the whole university starts to cost
> real
> > money and running a registry like .com with 99.9999% reliability ends up
> > with $100 million hardware costs.
> >
> > So the idea that I plug my business into a network of notary servers
> being
> > run by amateurs or as a community service is a non-starter for me. We
> have
> > to align the responsibility for running any server that the CA has a
> > critical dependency on with a business model.
>
> Note that we do not expect CAs to talk to _all_ log servers, only
> those that are appropriately responsive - and also note that a CA can
> fire off a dozen log requests in parallel and then just use the first
> three that come back, which would deal with any temporary log issues.
>
> We should probably add this ability to the open source stack at some point.
>
> > Looking at the CT proposal, it seems to me that we could fix the business
> > model issue and remove a lot of the CA operational issues as follows:
> >
> > 1) Each browser provider that is interested in enforcing a CT requirement
> > stands up a meta-notary server.
> >
> > 2) Each CA runs their own notary server and this is the only resource
> that
> > needs to have a check in at certificate issue.
>
> Isn't this part the only part that's actually needed? The
> meta-notaries seem like redundant extra complication (and also sound
> like they fulfil essentially the same role as monitors).
>
> I assume, btw, that by "notary server" you mean "log server"?
>
> Also, if a CA only uses its own log, what happens when it screws up
> and gets its log struck off the list of trusted logs? This is why we
> recommend some redundancy in log signatures.


That is the reason for checkpointing against meta notaries.

Otherwise a CA might not actually release the logs.

-- 
Website: http://hallambaker.com/