IETF Logo Mail Archive

Re: [therightkey] Revised Draft Charter for Transparency WG

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 14 January 2014 18:03 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B4581AE029 for <therightkey@ietfa.amsl.com>; Tue, 14 Jan 2014 10:03:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.438
X-Spam-Level:
X-Spam-Status: No, score=-2.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.538] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2X5EuFmRNiyl for <therightkey@ietfa.amsl.com>; Tue, 14 Jan 2014 10:02:58 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 814121ADFB6 for <therightkey@ietf.org>; Tue, 14 Jan 2014 10:02:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id DE043BE3E; Tue, 14 Jan 2014 18:02:46 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mm-7QKVjLAOg; Tue, 14 Jan 2014 18:02:46 +0000 (GMT)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id B9B3DBE38; Tue, 14 Jan 2014 18:02:46 +0000 (GMT)
Message-ID: <52D57BC7.1050905@cs.tcd.ie>
Date: Tue, 14 Jan 2014 18:02:47 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>, Ben Laurie <benl@google.com>
References: <CABrd9SSRGzC1gnAm+6Wy2w3FamSgvFK09cHqPXAqH7Ky-n8wtQ@mail.gmail.com> <C3D78338-B351-42C3-841F-BC46075AFC80@vpnc.org>
In-Reply-To: <C3D78338-B351-42C3-841F-BC46075AFC80@vpnc.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] Revised Draft Charter for Transparency WG
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jan 2014 18:03:00 -0000

Thanks Ben, Paul.

I've kicked off the chartering process. [1]

All going smoothly (which it doesn't always;-) this
could be a WG at IETF-89.

I've put in a placeholder BoF request so a slot is
assigned for that when we schedule the meeting.
(That's [2] which you can ignore unless someone
asks why its there.)

Cheers,
S.

[1] https://datatracker.ietf.org/doc/charter-ietf-trans/
[2] https://trac.tools.ietf.org/bof/trac/wiki/WikiStart#Security


On 01/07/2014 04:35 PM, Paul Hoffman wrote:
> I support the formation of this WG with basically this charter. However, having footnote in a charter make it harder to read. Having URLs that are not somewhat guaranteed to be available forever (such as those run by the IETF) make the charter unstable. A proposed editorial-only cleanup:
> 
> Problem statement:
> 
> Many Internet protocols require a mapping between some kind of identifier and some kind of
> key, for example, HTTPS, SMTPS, IPSec, DNSSEC and OpenPGP.
> 
> These protocols rely on either ad-hoc mappings, or on authorities which attest to the
> mappings.
> 
> History shows that neither of these mechanisms is entirely satisfactory. Ad-hoc mappings are
> difficult to discover and maintain, and authorities make mistakes or are subverted.
> 
> Cryptographically verifiable logs can help to ameliorate the problems by making it possible
> to discover and rectify errors before they can cause harm. A cryptographically verifiable
> log is an append-only log of hashes of more-or-less anything that  is structured in such a
> way as to provide efficiently-accessible, cryptographically-supported evidence of correct
> log behaviour. For example, RFC 6962 says: "The append-only property of each log is
> technically achieved using Merkle Trees, which can be used to show that any particular
> version of the log is a superset of any particular previous version. Likewise, Merkle Trees
> avoid the need to blindly trust logs: if a log attempts to show different things to
> different people, this can be efficiently detected by comparing tree roots and consistency
> proofs. Similarly, other misbehaviors of any log (e.g., issuing signed timestamps for
> certificates they then don't log) can be efficiently detected and proved to the world at
> large."
> 
> These logs can also assist with other interesting problems, such as how to assure end users
> that software they are running is, indeed, the software they intend to run.
> 
> Work items:
> 
> - Publish an update to RFC 6962 as a standards-track mechanism to apply verifiable logs to
> HTTP over TLS.
> 
> - Discuss mechanisms and techniques that allow cryptographically verifiable logs to be
> deployed to improve the security of protocols and software distribution. Where such
> mechanisms appear sufficiently useful, the WG will re-charter to add relevant new work items.
> 
> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey
> 
>

v2.8.7 | Report a Bug | By Email