Re: [therightkey] LC comments on draft-laurie-pki-sunlight-05

Ben Laurie <benl@google.com> Fri, 22 February 2013 11:18 UTC

Return-Path: <benl@google.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB51A21F8740 for <ietf@ietfa.amsl.com>; Fri, 22 Feb 2013 03:18:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.978
X-Spam-Level:
X-Spam-Status: No, score=-101.978 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EV6Czxnh4Tio for <ietf@ietfa.amsl.com>; Fri, 22 Feb 2013 03:18:48 -0800 (PST)
Received: from mail-ia0-x229.google.com (ia-in-x0229.1e100.net [IPv6:2607:f8b0:4001:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id CC1D621F8721 for <ietf@ietf.org>; Fri, 22 Feb 2013 03:18:42 -0800 (PST)
Received: by mail-ia0-f169.google.com with SMTP id j5so445842iaf.28 for <ietf@ietf.org>; Fri, 22 Feb 2013 03:18:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=ZwGzg2BH62kO5rVkpbM2lcWy9kHgZGwHszJsALrYc4g=; b=L7E/4p5VPOx58/lpz1QOazigUp4WpYhpYLCBUQFs5d4ycZSv88kU+aSDK5N4kIc3Ty A1iKXlHP52HoSWiAIAJClCdrYHubniel0GUN2lPBX5E7RpHej5dc4TZMt40XyKbsgEaG QPDJypbm8H1whmJMC0/tT3zOAyc/FOOOM11qzCK/SKQgbpJGXSRLP7Qh4j0mQmMDwsZD VnmclVGVhzhIlXFbV7MVcNYF16Vtx8qcZ2qMqFTQyIy99/lT5Jh0Uqfov1jOwd9Rh63q QsjeQF3eJ/u5zwywhgb3CAWxRJJzYxRx/wkgqhnMH742O1FvbAhc0ZNkk/YCBkgrbdol LMvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:x-gm-message-state; bh=ZwGzg2BH62kO5rVkpbM2lcWy9kHgZGwHszJsALrYc4g=; b=T+FqW5lTIJijYURCSUFXefgyfppvAW19CMShx7q2wRzZ2dXgGfqXtMD+K0lOOQxiJd 98Jw7JDkWnsBo2c8fud9Bdc5SNqhNfuD5v0w2MxxiNAKSvuhiGVJYzM4JXTw3aEa9LUa nOjLwhknzir6e1aJUSY/QGLAphqIapqHvE554V6wb7C7HjZ++MWTyu2hQLcFl2/rYDmv wIkJbNVFx2pFvu3A0U3l3baRcRJmSMaBsOvv73LEqgAk0EUwEeYq1a7fXvacg59lihxg oOJWOx2VHIMthkPCREC7dfiN3YlOQoBED7+bC5lXXU5maXLWYYnGv5xHZGCPHt318gMw skrw==
MIME-Version: 1.0
X-Received: by 10.50.212.3 with SMTP id ng3mr713534igc.43.1361531922420; Fri, 22 Feb 2013 03:18:42 -0800 (PST)
Received: by 10.64.140.71 with HTTP; Fri, 22 Feb 2013 03:18:42 -0800 (PST)
In-Reply-To: <CAMm+LwjM6w1jdZj8Z9bmBjUJ0VQMaZdGHMG4EupRtMxuDb=12w@mail.gmail.com>
References: <CABrd9SQMAGtOTcWVaUfxRE9SZS2dZVhUa3WbJVk8or_LxH6i1w@mail.gmail.com> <CAMm+LwiCQXq9ZLMGtVQMsS8MN9HRDtjg2DqTk9B8S6A7Q38J8w@mail.gmail.com> <CABrd9SS7as7S3vz2AEOJQruCF7aJRSVGjaG6awV9YWyuQaadWQ@mail.gmail.com> <CAMm+LwjM6w1jdZj8Z9bmBjUJ0VQMaZdGHMG4EupRtMxuDb=12w@mail.gmail.com>
Date: Fri, 22 Feb 2013 11:18:42 +0000
Message-ID: <CABrd9SR0z+aWUvW0Ok+hsbi+5rYkuQYzSaZxUCi3VcT+_XPzcQ@mail.gmail.com>
Subject: Re: [therightkey] LC comments on draft-laurie-pki-sunlight-05
From: Ben Laurie <benl@google.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQlW6+oh422cjqIJz7Im03RVaobaidh8femIQL8MFxeZYvyDxmOyJ+hI1USnUCMcTAUCrvjMRS9DmYbUOQe6qU9/JlOauKv90mNvAKl0bWKQKOwWI8BWQfVQq12V8Fg/LAvQUwL7L4HnhfJNeo52qq8Bato2bV8OAZ19X2AOYjgjIKI36Nfpj8BgYZDr7LN+yNYeMPAE
Cc: Emilia Kasper <ekasper@google.com>, "therightkey@ietf.org" <therightkey@ietf.org>, Adam Langley <agl@google.com>, IETF Discussion List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2013 11:18:48 -0000

On 17 February 2013 00:24, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>
>
> On Sat, Feb 16, 2013 at 1:55 PM, Ben Laurie <benl@google.com> wrote:
>>
>> On 16 February 2013 10:22, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>> > Sorry for the delay but I have been thinking of CT and in particular the
>> > issues of
>> >
>> > * Latency for the CA waiting for a notary server to respond
>> > * Business models for notary servers
>> >
>> > As a rule open source software works really well as the marginal cost of
>> > production is zero. Open source services tend to sux because even though
>> > the
>> > marginal cost of a service is negligible, large numbers times negligible
>> > adds up to big numbers. Running a DNS server for a university department
>> > costs very little, running it for the whole university starts to cost
>> > real
>> > money and running a registry like .com with 99.9999% reliability ends up
>> > with $100 million hardware costs.
>> >
>> > So the idea that I plug my business into a network of notary servers
>> > being
>> > run by amateurs or as a community service is a non-starter for me. We
>> > have
>> > to align the responsibility for running any server that the CA has a
>> > critical dependency on with a business model.
>>
>> Note that we do not expect CAs to talk to _all_ log servers, only
>> those that are appropriately responsive - and also note that a CA can
>> fire off a dozen log requests in parallel and then just use the first
>> three that come back, which would deal with any temporary log issues.
>>
>> We should probably add this ability to the open source stack at some
>> point.
>>
>> > Looking at the CT proposal, it seems to me that we could fix the
>> > business
>> > model issue and remove a lot of the CA operational issues as follows:
>> >
>> > 1) Each browser provider that is interested in enforcing a CT
>> > requirement
>> > stands up a meta-notary server.
>> >
>> > 2) Each CA runs their own notary server and this is the only resource
>> > that
>> > needs to have a check in at certificate issue.
>>
>> Isn't this part the only part that's actually needed? The
>> meta-notaries seem like redundant extra complication (and also sound
>> like they fulfil essentially the same role as monitors).
>>
>> I assume, btw, that by "notary server" you mean "log server"?
>>
>> Also, if a CA only uses its own log, what happens when it screws up
>> and gets its log struck off the list of trusted logs? This is why we
>> recommend some redundancy in log signatures.
>
>
> That is the reason for checkpointing against meta notaries.
>
> Otherwise a CA might not actually release the logs.

An unreleased log is not compliant - and so would not be accepted by browsers.