Re: [therightkey] [dane] DANE and CT

Paul Wouters <paul@nohats.ca> Fri, 16 November 2012 18:54 UTC

Date: Fri, 16 Nov 2012 13:53:25 -0500
From: Paul Wouters <paul@nohats.ca>
To: Ben Laurie <benl@google.com>
Cc: therightkey@ietf.org, Shumon Huque <shuque@upenn.edu>, Paul Hoffman <paul.hoffman@vpnc.org>, IETF DANE WG list <dane@ietf.org>
Subject: Re: [therightkey] [dane] DANE and CT

> Incorrect: CT provides a globally verifiable audit trail - the
> exchange of money is irrelevant.

It is if Google CT only accepts submissions of CAs, and Chrome ships
with the Google CT. It forces me to use CAs.

> CT does not see the difference between you logging in to your
> registrar interface and updating the DS record, someone else using
> your credentials to do the same without your knowledge, or the
> registry going rogue. What it does is make all of these visible to
> you. Then it is up to you (or anyone else) to spot the abuse and do
> something about it.

Which is the exact problem of outsourcing trust vs trusting no one.
People keep insisting they can do both. Adding another "cert patrol"
warning box in my browser isn't going to make users more secure. So what
happens if I update my TLS key? I need to live with a few hours of users
getting told my site is hacked and clicking OK, or do we ignore the
first few hours of a site being compromised?

Paul