Re: [Ilc] Clarifications and thoughts purpose of ILC list

Ben Laurie <ben@links.org> Sun, 26 February 2017 21:25 UTC

Return-Path: <benlaurie@gmail.com>
X-Original-To: ilc@ietfa.amsl.com
Delivered-To: ilc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC0F0129459 for <ilc@ietfa.amsl.com>; Sun, 26 Feb 2017 13:25:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.47
X-Spam-Level:
X-Spam-Status: No, score=-0.47 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.229, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kW2uR_FgOkOB for <ilc@ietfa.amsl.com>; Sun, 26 Feb 2017 13:25:26 -0800 (PST)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF8BC129457 for <ilc@ietf.org>; Sun, 26 Feb 2017 13:25:25 -0800 (PST)
Received: by mail-wm0-x236.google.com with SMTP id u199so5401374wmd.1 for <ilc@ietf.org>; Sun, 26 Feb 2017 13:25:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=1AHsWeLFbrPuahxog3KCiP3BX1iqZCARAnBM2qcvAZE=; b=BkHGAFODk67+0WCH69EyhH8hNLNis7vlpjzCjGQ/q+sF35pa7r5ZfIL94dJetm9AHl iMJK9W4Lbm8FGb9RYuvzblUM/VIb4o7SB3bckk8/CjvHJoSkcKbEQRU5miVCmowkyfVK LqQLT+GNj9o+I7ddoY6dlasQWFRpSnsE9zk+gHl42CVmyoJo07XESi/mNg3nhSuhJ2SR M1hP0JKwPXN9Jg2N9z9ey8PNKsU4oEG3NdQBi/k8MCd5p0o1x0e2j54v3rRZHTILBNJf tnyYavlEYyGv/KD6xcKzpdLKnMYx8NYo/W412ndpyYJ6ZdtDsFA96ihACca+Z6CB8UhQ PRTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=1AHsWeLFbrPuahxog3KCiP3BX1iqZCARAnBM2qcvAZE=; b=lEi8nT5xGrgjxbbSbAw9in2trLzoTrJzNms91NEBnHRM3EoDLH7uacMq6oSorG07XX ioOn3eXvOW2adkUCVQwpOsYn7iQUlwQG9ylFc1jEEFf8zHhoR9Bl3sr4WEp6OodYJHv9 Nhi6jXBgl9/fpWYUwxe1ggah0GZCSa687NqynX5zixK9hJBwmKAI2Ka3tL3jxVKvuJQ6 sMBgjbxd8OxN15L3i+32bGEc9Mwtul2rn4GBFTMT94KAKM0M5m2ag8f74JeZrG1Iud70 R8tvX4Af4B27iC+uhNFqab1KEoTxe3CRbBrEO7A6k4vf4xsncjkfpC0KBxwPBuhO+1bK G1Qw==
X-Gm-Message-State: AMke39mvj9eFhoVHCwrTXlAHuhm75uZgYxIsj3MuHZynDx6iErlDKwKjqSwiksA6CFfsM+XXhyz0xXUZMW0O1Q==
X-Received: by 10.28.134.67 with SMTP id i64mr10438363wmd.5.1488144324168; Sun, 26 Feb 2017 13:25:24 -0800 (PST)
MIME-Version: 1.0
Sender: benlaurie@gmail.com
Received: by 10.28.166.208 with HTTP; Sun, 26 Feb 2017 13:25:23 -0800 (PST)
In-Reply-To: <87zihcbj75.fsf@ta.scs.stanford.edu>
References: <87bmu194rx.fsf@ta.scs.stanford.edu> <CAG5KPzxXu8yuBzg08hjf0aV9hOTgAsAPo_E1P6kLWKTcs76q=g@mail.gmail.com> <878towah6b.fsf@ta.scs.stanford.edu> <CAG5KPzx20aq3aLAh1snSK9kpUpMt=0QVODV-vd04EDBORU9c8A@mail.gmail.com> <87zihcbj75.fsf@ta.scs.stanford.edu>
From: Ben Laurie <ben@links.org>
Date: Sun, 26 Feb 2017 21:25:23 +0000
X-Google-Sender-Auth: 9GLwQdE1Jm4DXC9E__0VvhvkNw8
Message-ID: <CAG5KPzzEPmKLW06ZieDYDjwB=AmXb6HVp_7sY2Aa1aLbfLqbNg@mail.gmail.com>
To: David Mazieres expires 2017-05-24 PDT <mazieres-5bbkvfxdf6b8s5jj7rhxhtamxa@temporary-address.scs.stanford.edu>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/ilc/9s6zknKTDmuQQCeXGGpOtXO7k58>
Cc: ilc@ietf.org
Subject: Re: [Ilc] Clarifications and thoughts purpose of ILC list
X-BeenThere: ilc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of mechanisms and applications for Internet-level consensus." <ilc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ilc>, <mailto:ilc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ilc/>
List-Post: <mailto:ilc@ietf.org>
List-Help: <mailto:ilc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ilc>, <mailto:ilc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Feb 2017 21:25:27 -0000

On 23 February 2017 at 23:06, David Mazieres
<dm-list-ietf-ilc@scs.stanford.edu> wrote:
> Ben Laurie <ben@links.org> writes:
>
>>> Well, there's at least one existence proof, which is the SCP protocol we
>>> use at Stellar.  SCP changes the question slightly from whether the
>>> system is subvertible to who is being subverted, because it depends on
>>> whom people trust.  E.g., if you trust TurkTrust and I trust the
>>> conjunction of the ACLU and Google, you might get subverted because
>>> TurkTrust has been known to issue bad certificates.  On the other hand,
>>> even if Google somehow gets compromised, that won't subvert my view of
>>> the world so long as the ACLU remains honest.
>>
>> OK, so here's where I get to confess that I don't understand Stellar,
>> and, worse, I don't know anyone who does.
>>
>> Is there an idiot's guide somewhere?
>
> Well, there is a cartoon guide, but I don't actually think it will be
> useful in this context:
>
>         https://www.stellar.org/stories/adventures-in-galactic-consensus-chapter-1/

Well, its fun.

> The canonical guide is of course the whitepaper, which is probably hard
> to read:
>
>         https://www.stellar.org/papers/stellar-consensus-protocol.pdf
>
> Maybe the most accessible rendition right now is my Google tech talk:
>
>         http://www.scs.stanford.edu/~dm/20160606-scp-talk.pdf
>         https://www.youtube.com/watch?v=vmwnhZmEZjc&feature=youtu.be

OK, this was very helpful.

I was struck by your remark that enumerating the set of bad things
that might happen to you is exponential time. At least, I think you
said that. That doesn't seem like a great security property.

>
>> That said, the properties you claim are also trivially obtainable with
>> a CT-like system, so I totally buy it can be done. But I don't see how
>> this corresponds to the popular notion of "permissionless"? Not that I
>> actually care, btw.
>
> My understanding of CT may be out of date, but I thought CT was a
> disjunctive system, as in any log can vouch for a certificate.  As I
> envision Internet-level consensus, you could insist on, say, 7 out of 10
> log authorities signing off something that guarantees publication of the
> certificate.

In practice, this is how CT works - Chrome has a policy on what logs
must be used, for example. Full details here:
https://www.chromium.org/Home/chromium-security/certificate-transparency.

Obviously, if you are Joe Random, you can insist on some other policy.
But the world is unlikely to provide it for you.

>> a) it seems utterly disconnected with the standard view of
>> "permissionless", so I think real care is needed with the charter.
>
> I think the term permissionless may just not be useful in this context,
> because even though it has been used to describe systems related to
> Internet-level consensus, there are other potential solutions that don't
> fit the permissioned/permissionless binary model.

Agree.

>
>> b) whilst I think everyone should choose who they trust, in practice
>> this is mostly totally unusable. The ability to do it is not a system
>> problem: you have an answer in Stellar, I have one in CT/Trillian.
>> Others exist, I am sure. The problem is usability. Who chooses the CAs
>> you trust, for example? Not you (for most values of "you"), that's for
>> sure.
>
> Well, in my ideal world the browser vendors would ship some reasonable
> default, but if I'm paranoid, I can add the ACLU and EFF, etc.  More
> importantly, it should not be a pure disjunction where any CA can issue
> any certificate, but rather should require some threshold.  Here we are
> veering into CT 2.0 territory, because that's not how certificates
> currently work, but there are other transparency applications that could
> use such a threshold model from the start.

OK, I am up for some kind of pluggable "what is the consensus"
infrastructure, but what you propose here is a major departure from
how things work right now. Such departures are hard.

>
> What consensus mechanism does Trillian plug into?  I had assumed
> Trillian was what an individual authority would do, but I could probably
> use some education about the bigger picture.

You are correct that Trillian is infrastructure. My vision is that
logs would log each other's tree heads. Obviously this is unlikely to
be universal, so is in some way the dual of your quorum slices.

>
> Thanks,
> David