IETF Logo Mail Archive

Re: [therightkey] Revised Draft Charter for Transparency WG

Tim Moses <tim.moses@entrust.com> Tue, 07 January 2014 18:04 UTC

Return-Path: <tim.moses@entrust.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F68D1AE0EE for <therightkey@ietfa.amsl.com>; Tue, 7 Jan 2014 10:04:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.439
X-Spam-Level:
X-Spam-Status: No, score=-2.439 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NKyp_t38R7vt for <therightkey@ietfa.amsl.com>; Tue, 7 Jan 2014 10:04:50 -0800 (PST)
Received: from ipedge2.entrust.com (ipedge2.entrust.com [216.191.252.25]) by ietfa.amsl.com (Postfix) with ESMTP id CED0F1AE0EA for <therightkey@ietf.org>; Tue, 7 Jan 2014 10:04:49 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.95,620,1384318800"; d="scan'208";a="7774704"
Received: from unknown (HELO sottexchcas.corp.ad.entrust.com) ([10.4.51.224]) by ipedge2.entrust.com with ESMTP; 07 Jan 2014 13:04:40 -0500
Received: from SOTTEXCH11.corp.ad.entrust.com ([fe80::303b:8584:c6f4:be18]) by SOTTEXCHCAS2.corp.ad.entrust.com ([::1]) with mapi id 14.03.0123.003; Tue, 7 Jan 2014 13:04:39 -0500
From: Tim Moses <tim.moses@entrust.com>
To: Ben Laurie <benl@google.com>
Thread-Topic: [therightkey] Revised Draft Charter for Transparency WG
Thread-Index: AQHPC8Obgf4BDtDBOU6Dw0Co81lEw5p5dh6wgABcJwD//7GGmoAAV6+A//+y22w=
Date: Tue, 7 Jan 2014 18:04:39 +0000
Message-ID: <A6F80180-95B8-43BE-BAAE-9E864CCBFE53@entrust.com>
References: <CABrd9SSRGzC1gnAm+6Wy2w3FamSgvFK09cHqPXAqH7Ky-n8wtQ@mail.gmail.com> <FA82C4B0-80FB-47FC-A4C6-3EE59238ADAC@entrust.com> <CABrd9SRPExNOvmoG5Rhxh-qmpHMeQDGMvRS6-0MQQVi2pG2gnw@mail.gmail.com> <6E6E4126-34A4-4633-A253-0996646FF5A5@entrust.com>, <CABrd9SRDTWKkNkAEkHebhR1jmFHroW9v5qdRPR38vUhYO9Cz2w@mail.gmail.com>
In-Reply-To: <CABrd9SRDTWKkNkAEkHebhR1jmFHroW9v5qdRPR38vUhYO9Cz2w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] Revised Draft Charter for Transparency WG
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 18:04:52 -0000

I see. It seems unfortunate that reliance on one or more time stamps is not sufficient, but that the client also has to consult the log.

All the best. Tim.

> On Jan 7, 2014, at 12:40 PM, "Ben Laurie" <benl@google.com> wrote:
> 
>> On 7 January 2014 17:26, Tim Moses <tim.moses@entrust.com> wrote:
>> Ok.  But that's at least one additional round trip, right?
> 
> It does not need to be done before accepting the certificate. CT is
> designed around responsiveness at the cost of finding out bad things
> happened a little late. But this seems like an acceptable trade-off,
> since a log still can only misbehave once (or for a short period of
> time), which makes the cost of doing so very high.
> 
>> Is it more realistic to say that the protocol fails if ALL of the CA and every timestamp relied upon is untrustworthy?
> 
> I'm not sure what you mean by this, but perhaps the above makes it irrelevant?
> 
>> 
>> All the best. Tim.
>> 
>> 
>>>> On Jan 7, 2014, at 12:07 PM, "Ben Laurie" <benl@google.com> wrote:
>>>> 
>>>> On 7 January 2014 16:37, Tim Moses <tim.moses@entrust.com> wrote:
>>>> Hi Ben.  Is it explained somewhere how it would be discovered that a log had issued a time stamp for a certificate that it then did not log?
>>> 
>>> RFC 6962, Section 5.4 "Auditor".
>>> 
>>>> According to my understanding, the time stamp would only be distributed within a certificate or OCSP response, and (therefore) its existence would not necessarily be apparent to an auditor.
>>> 
>>> If no-one ever sees the certificate, then whether an SCT was issued or
>>> not is unimportant. This is why recipients of certificates need to at
>>> least audit the certificates they see.
>>> 
>>> In the RFC "auditor" is a role that may be incorporated in other
>>> things. From the RFC: "An auditor might be an integral component of a
>>> TLS client".
>>> 
>>> There may be a better way of explaining this.
>>> 
>>> Possibly something to this effect should've been added to 5.2. I've
>>> added an issue (https://code.google.com/p/certificate-transparency/issues/detail?id=25).
>>> 
>>>> Maybe I missed something.
>>>> 
>>>> All the best. Tim.
>>>> 
>>>>> On Jan 7, 2014, at 11:14 AM, "Ben Laurie" <benl@google.com> wrote:
>>>>> 
>>>>> Problem statement: many Internet protocols require a mapping between
>>>>> some kind of identifier and some kind of key, for example, HTTPS,
>>>>> SMTPS, IPSec, DNSSEC and OpenPGP.
>>>>> 
>>>>> 
>>>>> These protocols rely on either ad-hoc mappings, or on authorities
>>>>> which attest to the mappings.
>>>>> 
>>>>> 
>>>>> History shows that neither of these mechanisms is entirely
>>>>> satisfactory. Ad-hoc mappings are difficult to discover and maintain,
>>>>> and authorities make mistakes or are subverted.
>>>>> 
>>>>> 
>>>>> Cryptographically verifiable logs[1] can help to ameliorate the
>>>>> problems by making it possible to discover and rectify errors before
>>>>> they can cause harm.
>>>>> 
>>>>> 
>>>>> These logs can also assist with other interesting problems, such as
>>>>> how to assure end users that software they are running is, indeed, the
>>>>> software they intend to run.
>>>>> 
>>>>> 
>>>>> Work items: Specify a standards-track mechanism to apply verifiable
>>>>> logs to HTTP/TLS (i.e. RFC 6962-bis).
>>>>> 
>>>>> 
>>>>> Discuss mechanisms and techniques that allow cryptographically
>>>>> verifiable logs to be deployed to improve the security of protocols
>>>>> and software distribution. Where such mechanisms appear sufficiently
>>>>> useful, the WG will re-charter to add relevant new work items.
>>>>> 
>>>>> 
>>>>> [1] A cryptographically verifiable log is an append-only log of hashes
>>>>> of more-or-less anything that  is structured in such a way as to
>>>>> provide efficiently-accessible, cryptographically-supported evidence
>>>>> of correct log behaviour.
>>>>> 
>>>>> 
>>>>> For example, from RFC 6962: “The append-only property of each log is
>>>>> technically achieved using Merkle Trees, which can be used to show
>>>>> that any particular version of the log is a superset of any particular
>>>>> previous version. Likewise, Merkle Trees avoid the need to blindly
>>>>> trust logs: if a log attempts to show different things to different
>>>>> people, this can be efficiently detected by comparing tree roots and
>>>>> consistency proofs. Similarly, other misbehaviors of any log (e.g.,
>>>>> issuing signed timestamps for certificates they then don't log) can be
>>>>> efficiently detected and proved to the world at large.”
>>>>> 
>>>>> 
>>>>> See RFC 6962, http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf
>>>>> and http://www.links.org/files/RevocationTransparency.pdf for
>>>>> background.
>>>>> _______________________________________________
>>>>> therightkey mailing list
>>>>> therightkey@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/therightkey

v2.8.7 | Report a Bug | By Email