IETF Logo Mail Archive

Re: [perpass] Draft charter for a Transparency Working Group

Phillip Hallam-Baker <hallam@gmail.com> Fri, 13 December 2013 14:17 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1EF81AE2B4; Fri, 13 Dec 2013 06:17:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G7cnG8KbhsHs; Fri, 13 Dec 2013 06:17:12 -0800 (PST)
Received: from mail-we0-x22a.google.com (mail-we0-x22a.google.com [IPv6:2a00:1450:400c:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 412881AE2B0; Fri, 13 Dec 2013 06:17:12 -0800 (PST)
Received: by mail-we0-f170.google.com with SMTP id w61so1943958wes.15 for <multiple recipients>; Fri, 13 Dec 2013 06:17:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mluI2uBD81K80pxJsICygTVb1wQ3spH0o+tS+rCSCDE=; b=YjGOwlCgGwC2zyjjO3pkk7wppRCKPsLJibJn4zZEebtxUoEqckKKBUVMmF70zc3gAD yeuSsAGIAaKdQ48PmGCtZ1JEWRK3usl+utBtMFVE5n9d7Wv3/FyDi9jtimtR1IhVtr6K 3hWDN63toAAA5VNsjg8RJ2TKwJuSfbnNraL+eZtT8mL4VYORjh2MuoPl+zaHySdpp7dP Ji2SgKUOLHcW5lgjLNaxqoGlxpnihDokiESr+Q4qqfPhTtez+QJCDoUQOSdOyvdVSVY8 AWzK+Oxqkg5+bltRudxDkRGA2W4jJDsaEZfUmdsOaN9Q7SmfdcZ8NeycUoeFg+BDEmWJ xdog==
MIME-Version: 1.0
X-Received: by 10.194.119.132 with SMTP id ku4mr2473022wjb.51.1386944225447; Fri, 13 Dec 2013 06:17:05 -0800 (PST)
Received: by 10.194.243.136 with HTTP; Fri, 13 Dec 2013 06:17:05 -0800 (PST)
In-Reply-To: <CABrd9SSMs0+73R9Ug3tnLGt-56sYz0XEzy1RGYy=Yx7KM4r--w@mail.gmail.com>
References: <CABrd9STYF166vXEXNneJfPyfo5VG3LPKmzyZpAhvYnDTsy_U9g@mail.gmail.com> <52A8B1D0.2080304@dcrocker.net> <CABrd9SS9FGsm-waznAHeMr33XzprhRF=DXVjknyL-7bOyArAxg@mail.gmail.com> <CAMm+LwjNXpszKMqXr231Vti=pfwYn98Fgmuv1T5M__nhGmZHQw@mail.gmail.com> <CABrd9SSYnBRtecDSwUZUjvKJPLB+XX6Kk_9NHtQ=X-5jo4jGxQ@mail.gmail.com> <52A8E0E9.5020409@dcrocker.net> <CABrd9ST+CKNNHZ-jLd1=boeWUh-sjZf1WF5fmayCF7+DjnD65w@mail.gmail.com> <52A9E61C.8030300@bbn.com> <CABrd9SSMs0+73R9Ug3tnLGt-56sYz0XEzy1RGYy=Yx7KM4r--w@mail.gmail.com>
Date: Fri, 13 Dec 2013 09:17:05 -0500
Message-ID: <CAMm+LwhAVrewDRohXZ-0HJo-VbPhM2k2vndKfKqj4_qaX=Gb8g@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Ben Laurie <benl@google.com>
Content-Type: multipart/alternative; boundary="089e01228d72e1991904ed6b1d5c"
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>, saag <saag@ietf.org>
Subject: Re: [perpass] Draft charter for a Transparency Working Group
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Dec 2013 14:17:15 -0000

On Thu, Dec 12, 2013 at 1:51 PM, Ben Laurie <benl@google.com> wrote:

> How's this?
>
> [1] A cryptographically verifiable log is an append-only log of hashes
> of more-or-less anything that can prove its own correctness
> cryptographically.
>
> For example, from RFC 6962: “The append-only property of each log is
> technically achieved using Merkle Trees, which can be used to show
> that any particular version of the log is a superset of any particular
> previous version. Likewise, Merkle Trees avoid the need to blindly
> trust logs: if a log attempts to show different things to different
> people, this can be efficiently detected by comparing tree roots and
> consistency proofs. Similarly, other misbehaviours of any log (e.g.,
> issuing signed timestamps for certificates they then don't log) can be
> efficiently detected and proved to the world at large.”


I disagree. The Merkle tree part is only relevant to verification
efficiency. And I would want to look into it a lot further before
committing to that particular approach due to the Micali patents and other
patents applying Merkle to catenate certs.

The property that is important is the chaining of one hash to the next and
that is the property that is definitively out of patent.


For email security I am not planning to use trees at all or at least not in
that way. Chains are simpler to debug and the additional overhead largely
irrelevant as all the certificate validation and evaluation can be done
offline.

Latency is not a concern as this is a store and forward protocol or a
messaging protocol. The time it takes someone to pick up the phone is
always going to be much longer than any key evaluation process.

-- 
Website: http://hallambaker.com/

v2.31.3 | Report a Bug | By Email | System Status