IETF Logo Mail Archive

Re: [therightkey] Revised Draft Charter for Transparency WG

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 07 January 2014 16:35 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4939D1ADFA0 for <therightkey@ietfa.amsl.com>; Tue, 7 Jan 2014 08:35:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fhLCDrtwa6r2 for <therightkey@ietfa.amsl.com>; Tue, 7 Jan 2014 08:35:29 -0800 (PST)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id 231D91ADF72 for <therightkey@ietf.org>; Tue, 7 Jan 2014 08:35:29 -0800 (PST)
Received: from [10.20.30.90] (50-1-51-230.dsl.dynamic.fusionbroadband.com [50.1.51.230]) (authenticated bits=0) by hoffman.proper.com (8.14.7/8.14.7) with ESMTP id s07GFMuC033297 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 7 Jan 2014 09:15:23 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-51-230.dsl.dynamic.fusionbroadband.com [50.1.51.230] claimed to be [10.20.30.90]
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <CABrd9SSRGzC1gnAm+6Wy2w3FamSgvFK09cHqPXAqH7Ky-n8wtQ@mail.gmail.com>
Date: Tue, 7 Jan 2014 08:35:16 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <C3D78338-B351-42C3-841F-BC46075AFC80@vpnc.org>
References: <CABrd9SSRGzC1gnAm+6Wy2w3FamSgvFK09cHqPXAqH7Ky-n8wtQ@mail.gmail.com>
To: Ben Laurie <benl@google.com>
X-Mailer: Apple Mail (2.1827)
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] Revised Draft Charter for Transparency WG
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 16:35:30 -0000

I support the formation of this WG with basically this charter. However, having footnote in a charter make it harder to read. Having URLs that are not somewhat guaranteed to be available forever (such as those run by the IETF) make the charter unstable. A proposed editorial-only cleanup:

Problem statement:

Many Internet protocols require a mapping between some kind of identifier and some kind of
key, for example, HTTPS, SMTPS, IPSec, DNSSEC and OpenPGP.

These protocols rely on either ad-hoc mappings, or on authorities which attest to the
mappings.

History shows that neither of these mechanisms is entirely satisfactory. Ad-hoc mappings are
difficult to discover and maintain, and authorities make mistakes or are subverted.

Cryptographically verifiable logs can help to ameliorate the problems by making it possible
to discover and rectify errors before they can cause harm. A cryptographically verifiable
log is an append-only log of hashes of more-or-less anything that  is structured in such a
way as to provide efficiently-accessible, cryptographically-supported evidence of correct
log behaviour. For example, RFC 6962 says: "The append-only property of each log is
technically achieved using Merkle Trees, which can be used to show that any particular
version of the log is a superset of any particular previous version. Likewise, Merkle Trees
avoid the need to blindly trust logs: if a log attempts to show different things to
different people, this can be efficiently detected by comparing tree roots and consistency
proofs. Similarly, other misbehaviors of any log (e.g., issuing signed timestamps for
certificates they then don't log) can be efficiently detected and proved to the world at
large."

These logs can also assist with other interesting problems, such as how to assure end users
that software they are running is, indeed, the software they intend to run.

Work items:

- Publish an update to RFC 6962 as a standards-track mechanism to apply verifiable logs to
HTTP over TLS.

- Discuss mechanisms and techniques that allow cryptographically verifiable logs to be
deployed to improve the security of protocols and software distribution. Where such
mechanisms appear sufficiently useful, the WG will re-charter to add relevant new work items.

v2.8.7 | Report a Bug | By Email