IETF Logo Mail Archive

Re: [therightkey] Revised Draft Charter for Transparency WG

Ben Laurie <benl@google.com> Tue, 07 January 2014 18:08 UTC

Return-Path: <benl@google.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB5C31AE0C6 for <therightkey@ietfa.amsl.com>; Tue, 7 Jan 2014 10:08:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.917
X-Spam-Level:
X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2utxtLowazJU for <therightkey@ietfa.amsl.com>; Tue, 7 Jan 2014 10:08:43 -0800 (PST)
Received: from mail-ve0-x22e.google.com (mail-ve0-x22e.google.com [IPv6:2607:f8b0:400c:c01::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 119261AE0F3 for <therightkey@ietf.org>; Tue, 7 Jan 2014 10:08:42 -0800 (PST)
Received: by mail-ve0-f174.google.com with SMTP id pa12so410297veb.19 for <therightkey@ietf.org>; Tue, 07 Jan 2014 10:08:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=5SruhkLVFWrV95a4AVdJH2WpdYjBsWD9f/1gfx4Cnwc=; b=ZT3tPttQ8ZqUIqxLDguGEr8pOKiWFH8s/qzukfg9MGJGwrQkN3UVHPiQ35QqlI5VVn FTaY0r2OpeOJGLdyb4qT/IM2JkMvJaatXbwotTb+58N0ZOFvCo3PFUGUXYGqli/5st1q MJ+anv29p7FKxM0uARqNUKo9+2oVskDbnoiehAKs9okHEnWcl1BOrK7Bgydmarw+8zbN jP1UMyEEJVD1ZH0zlHkia5B7+RbN9spcR8pM4l8AcxL//dcswRM38ciJPEh7ZLQR2c2N mv0bDFVa5V9zMSeO/TnNPEa9DX3K4IO+/dQgtf7RyDuz3Q01sZdl7jh7tEkhqcns8nZk KyVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=5SruhkLVFWrV95a4AVdJH2WpdYjBsWD9f/1gfx4Cnwc=; b=a59nLSX9/wJsbhULYulrI2R4HbV4r15c1he4TR16i2l/9b6sMjd+7QL+KvGUoFF5Ai qgcwBleQwTMXr+QJlQU2Arz5vaDDc/Ge2OOi84H6oFjMr4q5/60WiHvWv9VagN4KkVhV XO++JQ/98chlYBQ5vU0YgyrNmjqAcY4nKaEhCoVznyoQ1QaNGHxoHTKViMTwq6dNKVx7 8Oj1G3/qxlcv0bBgbGBGmLig4Pb40Y53xdp+S8D/VuMeuAixzyBrn6WchqYus/YPcGj9 /8PQkFKdRfVfAhrxD2rpvJkhUryIkhrfQAXy7uAgfIyTYBYKSC+aDVPVt8IcGhnhPn86 vB2A==
X-Gm-Message-State: ALoCoQlnNd1U9u8V2sSc1OfVBCH7V003F5FZ8sEVs0t7BmcGANKQso028XtgXn80xitPCkf+yM5+imgnlTn0sX46s8ZpE0BWKmLXzZV1BLbXnStUMkW0669CYqFeUHwiNO2RFAl0CiEdHXpZnU5f8pFyvlcl2nzVa6LPxdSyMnLExEsv/pd8UcRpS9zXQnlIKOnQvmTXgZNp
MIME-Version: 1.0
X-Received: by 10.52.160.38 with SMTP id xh6mr3608954vdb.39.1389118113901; Tue, 07 Jan 2014 10:08:33 -0800 (PST)
Received: by 10.52.169.202 with HTTP; Tue, 7 Jan 2014 10:08:33 -0800 (PST)
In-Reply-To: <A6F80180-95B8-43BE-BAAE-9E864CCBFE53@entrust.com>
References: <CABrd9SSRGzC1gnAm+6Wy2w3FamSgvFK09cHqPXAqH7Ky-n8wtQ@mail.gmail.com> <FA82C4B0-80FB-47FC-A4C6-3EE59238ADAC@entrust.com> <CABrd9SRPExNOvmoG5Rhxh-qmpHMeQDGMvRS6-0MQQVi2pG2gnw@mail.gmail.com> <6E6E4126-34A4-4633-A253-0996646FF5A5@entrust.com> <CABrd9SRDTWKkNkAEkHebhR1jmFHroW9v5qdRPR38vUhYO9Cz2w@mail.gmail.com> <A6F80180-95B8-43BE-BAAE-9E864CCBFE53@entrust.com>
Date: Tue, 7 Jan 2014 18:08:33 +0000
Message-ID: <CABrd9STpOi=+E6RaNMUi+wxtHs+M9GwcYsW2c84mNf_-RP7Oqw@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Tim Moses <tim.moses@entrust.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] Revised Draft Charter for Transparency WG
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 18:08:51 -0000

On 7 January 2014 18:04, Tim Moses <tim.moses@entrust.com> wrote:
> I see. It seems unfortunate that reliance on one or more time stamps is not sufficient, but that the client also has to consult the log.

The client audits the log, which is a different thing.

To make a TLS connection, the timestamps are sufficient.

>
> All the best. Tim.
>
>> On Jan 7, 2014, at 12:40 PM, "Ben Laurie" <benl@google.com> wrote:
>>
>>> On 7 January 2014 17:26, Tim Moses <tim.moses@entrust.com> wrote:
>>> Ok.  But that's at least one additional round trip, right?
>>
>> It does not need to be done before accepting the certificate. CT is
>> designed around responsiveness at the cost of finding out bad things
>> happened a little late. But this seems like an acceptable trade-off,
>> since a log still can only misbehave once (or for a short period of
>> time), which makes the cost of doing so very high.
>>
>>> Is it more realistic to say that the protocol fails if ALL of the CA and every timestamp relied upon is untrustworthy?
>>
>> I'm not sure what you mean by this, but perhaps the above makes it irrelevant?
>>
>>>
>>> All the best. Tim.
>>>
>>>
>>>>> On Jan 7, 2014, at 12:07 PM, "Ben Laurie" <benl@google.com> wrote:
>>>>>
>>>>> On 7 January 2014 16:37, Tim Moses <tim.moses@entrust.com> wrote:
>>>>> Hi Ben.  Is it explained somewhere how it would be discovered that a log had issued a time stamp for a certificate that it then did not log?
>>>>
>>>> RFC 6962, Section 5.4 "Auditor".
>>>>
>>>>> According to my understanding, the time stamp would only be distributed within a certificate or OCSP response, and (therefore) its existence would not necessarily be apparent to an auditor.
>>>>
>>>> If no-one ever sees the certificate, then whether an SCT was issued or
>>>> not is unimportant. This is why recipients of certificates need to at
>>>> least audit the certificates they see.
>>>>
>>>> In the RFC "auditor" is a role that may be incorporated in other
>>>> things. From the RFC: "An auditor might be an integral component of a
>>>> TLS client".
>>>>
>>>> There may be a better way of explaining this.
>>>>
>>>> Possibly something to this effect should've been added to 5.2. I've
>>>> added an issue (https://code.google.com/p/certificate-transparency/issues/detail?id=25).
>>>>
>>>>> Maybe I missed something.
>>>>>
>>>>> All the best. Tim.
>>>>>
>>>>>> On Jan 7, 2014, at 11:14 AM, "Ben Laurie" <benl@google.com> wrote:
>>>>>>
>>>>>> Problem statement: many Internet protocols require a mapping between
>>>>>> some kind of identifier and some kind of key, for example, HTTPS,
>>>>>> SMTPS, IPSec, DNSSEC and OpenPGP.
>>>>>>
>>>>>>
>>>>>> These protocols rely on either ad-hoc mappings, or on authorities
>>>>>> which attest to the mappings.
>>>>>>
>>>>>>
>>>>>> History shows that neither of these mechanisms is entirely
>>>>>> satisfactory. Ad-hoc mappings are difficult to discover and maintain,
>>>>>> and authorities make mistakes or are subverted.
>>>>>>
>>>>>>
>>>>>> Cryptographically verifiable logs[1] can help to ameliorate the
>>>>>> problems by making it possible to discover and rectify errors before
>>>>>> they can cause harm.
>>>>>>
>>>>>>
>>>>>> These logs can also assist with other interesting problems, such as
>>>>>> how to assure end users that software they are running is, indeed, the
>>>>>> software they intend to run.
>>>>>>
>>>>>>
>>>>>> Work items: Specify a standards-track mechanism to apply verifiable
>>>>>> logs to HTTP/TLS (i.e. RFC 6962-bis).
>>>>>>
>>>>>>
>>>>>> Discuss mechanisms and techniques that allow cryptographically
>>>>>> verifiable logs to be deployed to improve the security of protocols
>>>>>> and software distribution. Where such mechanisms appear sufficiently
>>>>>> useful, the WG will re-charter to add relevant new work items.
>>>>>>
>>>>>>
>>>>>> [1] A cryptographically verifiable log is an append-only log of hashes
>>>>>> of more-or-less anything that  is structured in such a way as to
>>>>>> provide efficiently-accessible, cryptographically-supported evidence
>>>>>> of correct log behaviour.
>>>>>>
>>>>>>
>>>>>> For example, from RFC 6962: “The append-only property of each log is
>>>>>> technically achieved using Merkle Trees, which can be used to show
>>>>>> that any particular version of the log is a superset of any particular
>>>>>> previous version. Likewise, Merkle Trees avoid the need to blindly
>>>>>> trust logs: if a log attempts to show different things to different
>>>>>> people, this can be efficiently detected by comparing tree roots and
>>>>>> consistency proofs. Similarly, other misbehaviors of any log (e.g.,
>>>>>> issuing signed timestamps for certificates they then don't log) can be
>>>>>> efficiently detected and proved to the world at large.”
>>>>>>
>>>>>>
>>>>>> See RFC 6962, http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf
>>>>>> and http://www.links.org/files/RevocationTransparency.pdf for
>>>>>> background.
>>>>>> _______________________________________________
>>>>>> therightkey mailing list
>>>>>> therightkey@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/therightkey

v2.8.7 | Report a Bug | By Email