IETF Logo Mail Archive

Re: [perpass] Draft charter for a Transparency Working Group

Ben Laurie <benl@google.com> Tue, 07 January 2014 16:11 UTC

Return-Path: <benl@google.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7B7F1AE024 for <perpass@ietfa.amsl.com>; Tue, 7 Jan 2014 08:11:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.917
X-Spam-Level:
X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KfNNRRHTzOfk for <perpass@ietfa.amsl.com>; Tue, 7 Jan 2014 08:10:59 -0800 (PST)
Received: from mail-vb0-x231.google.com (mail-vb0-x231.google.com [IPv6:2607:f8b0:400c:c02::231]) by ietfa.amsl.com (Postfix) with ESMTP id A06DC1AE015 for <perpass@ietf.org>; Tue, 7 Jan 2014 08:10:59 -0800 (PST)
Received: by mail-vb0-f49.google.com with SMTP id x11so244495vbb.8 for <perpass@ietf.org>; Tue, 07 Jan 2014 08:10:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=3wl0bX04bkjoZ4lBKXPSwNdJHyr7go1Li7etc6/vNZI=; b=CbMqsC/nUsYuKtdBqZffkFP6dwGhZ1pcxhREmhSkxffc9OF+SpMAlHZBDrBd4WAEJC 00P6mcXGzT+iwzddlXCxdGLutCBGI9TYj3OCS2xYRLK3AC9JakYVPIZ6ycfkudWjPxBg HWmYQrGzI2AW+cK0IoPxz/0kW98QqBzUXLyGmXDUwzahcxOHn5AcvCD+aDClotopaQ/u j3MRt3BfYKgYG0QywCL0ar7OrE6y/cYPgGfQimXgFikt5jnlmzvy6vaM0V18xii84yXJ cF4WNty50EqpHZMLdkCoMmDitE0hcGbZ4qN/Jl2YBo7TvDA2nrF3V93T+uctkoCEpA3v cJ0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=3wl0bX04bkjoZ4lBKXPSwNdJHyr7go1Li7etc6/vNZI=; b=g2wxqS8PQDiU+4zL58/oCsGfxxXnRurajqbIay3yrWVd3fzcs1dvVryyEMfNh7t4ma kQbpZky5WDg1mu30POxLnxiOrbf3RJrh77FwOc8QdNfEvgJEmchz3Zyz5Zg5HpGkkZXu JywzBYOpJp6/Fh9ipvftPz4Qp89Vn1F8023EUFyGRRrZ9vbEOvjrHIdS8OMz2QKAMDXB uvVkNfxeEUp9j2M/bHSc7CNG/gG/yiAsSZ81gY7KMaLESmgrsObUmw6TySymtgnzPFVs H9CMCwtinY1jtIbZNxB/OlsygSbnxEwtEzkyQaV0LWmb+L4ZUqOxIr9V++/vSsy96s0M jOnQ==
X-Gm-Message-State: ALoCoQnPZSk0UzK5O+pcbGN5D41JtAhkL+bMHMCgeYn+kHADD9v5PvUhl5BRXtdVLCUCzdxEh2vhJCtToJqWVX5mZ0HQkQsQcHMflWGGdmTTsDMwYbl5trAUdPZilX3WeqN3hHBozl7aujvYr69pf13QxrjOIs/E4LttCTbOeV1flxLVBa+u7fAaKMwiS4n92xyelKD69G+H
MIME-Version: 1.0
X-Received: by 10.52.164.203 with SMTP id ys11mr2694862vdb.37.1389111050471; Tue, 07 Jan 2014 08:10:50 -0800 (PST)
Received: by 10.52.169.202 with HTTP; Tue, 7 Jan 2014 08:10:50 -0800 (PST)
In-Reply-To: <A4181252-CA90-4593-9924-E1EEC91E983F@isoc.org>
References: <CABrd9STYF166vXEXNneJfPyfo5VG3LPKmzyZpAhvYnDTsy_U9g@mail.gmail.com> <52A8B1D0.2080304@dcrocker.net> <CABrd9SS9FGsm-waznAHeMr33XzprhRF=DXVjknyL-7bOyArAxg@mail.gmail.com> <CAMm+LwjNXpszKMqXr231Vti=pfwYn98Fgmuv1T5M__nhGmZHQw@mail.gmail.com> <CABrd9SSYnBRtecDSwUZUjvKJPLB+XX6Kk_9NHtQ=X-5jo4jGxQ@mail.gmail.com> <52A8E0E9.5020409@dcrocker.net> <CABrd9ST+CKNNHZ-jLd1=boeWUh-sjZf1WF5fmayCF7+DjnD65w@mail.gmail.com> <52A9E61C.8030300@bbn.com> <CABrd9SSMs0+73R9Ug3tnLGt-56sYz0XEzy1RGYy=Yx7KM4r--w@mail.gmail.com> <52C19300.3050201@bbn.com> <CABrd9SQHq+AkvvJQ6-XuwmDyT8-662GeavcU47jFoYYN8v1CAg@mail.gmail.com> <A4181252-CA90-4593-9924-E1EEC91E983F@isoc.org>
Date: Tue, 07 Jan 2014 16:10:50 +0000
Message-ID: <CABrd9SRoJeabjTK8Yxr+FWNb5LiKR=bYTigM75mf-amVOEBrUg@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Robin Wilton <wilton@isoc.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>, saag <saag@ietf.org>
Subject: Re: [perpass] Draft charter for a Transparency Working Group
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 16:11:01 -0000

On 6 January 2014 17:20, Robin Wilton <wilton@isoc.org> wrote:
> Hi all -
>
> A further suggestion inline. One motivation for my suggesting a change is
> that I am instinctively uneasy when the word "proof" crops up in this kind
> of context. I think what we're doing is providing the means to accrue
> evidence, on the basis of which someone can make an inference as to whether
> correct log behaviour has been recorded.

My suggestion already eliminated the word "proof". But I quite like
your suggestion, too. Note, however, we are on the wrong lists. I will
post a revised draft charter to therightkey shortly.

>
> R
>
>
> On 6 Jan 2014, at 17:02, Ben Laurie wrote:
>
> On 30 December 2013 15:36, Stephen Kent <kent@bbn.com> wrote:
>
> Ben,
>
>
> How's this?
>
>
> [1] A cryptographically verifiable log is an append-only log of hashes
>
> of more-or-less anything that can prove its own correctness
>
> cryptographically.
>
>
> For example, from RFC 6962: “The append-only property of each log is
>
> technically achieved using Merkle Trees, which can be used to show
>
> that any particular version of the log is a superset of any particular
>
> previous version. Likewise, Merkle Trees avoid the need to blindly
>
> trust logs: if a log attempts to show different things to different
>
> people, this can be efficiently detected by comparing tree roots and
>
> consistency proofs. Similarly, other misbehaviours of any log (e.g.,
>
> issuing signed timestamps for certificates they then don't log) can be
>
> efficiently detected and proved to the world at large.”
>
>
> See RFC 6962,
>
> http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf
>
> and http://www.links.org/files/RevocationTransparency.pdf for
>
> background.
>
>
> Sorry to be so late in responding; holidays ...
>
>
> Likewise.
>
> The text describing how 6962 uses Merkle trees is good. I think the
>
> phrase "prove its own correctness" is way too broad. The example
>
> you cite shows how to demonstrate internal consistency for a log,
>
> and to enable third parties to verify certain lob properties. That
>
> is much narrower than what the term "correctness" implies.
>
>
> How about, instead of "can prove its own correctness
> cryptographically", we say "allows efficient verification of
> behaviour"?
>
>
> "A cryptographically verifiable log is an append-only log of hashes,
> structured in such a way as to provide efficiently-accessible,
> cryptographically-supported evidence of correct [log] behaviour".
>
> That way, you capture the following:
>
> - use of hashing/cryptographic mechanisms to maintain the integrity of the
> evidence trail
> - reference to the relevance of structure (Merkle trees)
> - de-coupling of the evidence (signed records) from what it is that the
> evidence is intended to show (correct behaviour)
>
> Hope this helps -
>
> Robin
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>
>

v2.31.3 | Report a Bug | By Email | System Status