IETF Logo Mail Archive

Re: [therightkey] Revised Draft Charter for Transparency WG

Ben Laurie <benl@google.com> Tue, 07 January 2014 17:40 UTC

Return-Path: <benl@google.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29AC21AE04B for <therightkey@ietfa.amsl.com>; Tue, 7 Jan 2014 09:40:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.917
X-Spam-Level:
X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M0CEdTAZbaHt for <therightkey@ietfa.amsl.com>; Tue, 7 Jan 2014 09:40:54 -0800 (PST)
Received: from mail-vb0-x232.google.com (mail-vb0-x232.google.com [IPv6:2607:f8b0:400c:c02::232]) by ietfa.amsl.com (Postfix) with ESMTP id 64AC21AE075 for <therightkey@ietf.org>; Tue, 7 Jan 2014 09:40:54 -0800 (PST)
Received: by mail-vb0-f50.google.com with SMTP id w18so345258vbj.37 for <therightkey@ietf.org>; Tue, 07 Jan 2014 09:40:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=oHw0CLlnacDsitD71ZbDB7bWZmIGcsP4brmV6XiQFW4=; b=hXwvGMlJaKjayW/950NX7EMM7JojQDiZuHkXbASYAp2ZxK6W3DCirR26NTM+H88iRt Sgp7PJCVX/SZ45Q6mjY/JdZFhcwSzPsu9VnaWvzeO1+HAXSNsgwRZwOqGzxwncGQHJFu nU3QttvuQarSggb6uSdcC+0rdsTvsfzE+e0a/M9RE2+t4lV1B4Jjh6np6WyGOaapCfse Y51wFp8oJ2WLbBYB0jQ9+5USKgBWIMJe7x0j9lLj8huYGlqX3EuQPR5PbGFaVZHI+Erq 9N6qRYTiNqmTULwwtnynyc/BRH0nv56AKvbFzSRsjTpDN6biS1xL+JfTGmoNSPjRV1R/ KlvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=oHw0CLlnacDsitD71ZbDB7bWZmIGcsP4brmV6XiQFW4=; b=luUmdxAjyg77EYChqAfOrOEFh3lJHsuc53RdC/sAHM6ajoa7/NOrivb2O91VXYMfLq 0jkpKLZtKqPEpnhFw6OONuSTZzBGZqKaRBjV9CN6eEn2fsxM79kYWn30qv1rMR7VxLTY K+PpwGml3x/ibDZbo3NVl1CPgLYTpm1G64Mo7vxt14oFIHt+DrLTG0TgGMhcZ/5MJ4uX IjPjqWwdlhwRv0VuKzNtdPjpHlRXGzr71LRnBEbXt9ZLMkTefa90vcsWc8LgwGf6URmB /6+/7ZffokGE0fKgZAwb+NRWBIDglPq57SnhJcJgTT7bZFynPpDfo1vakSqiJ/3QfQPN /oqQ==
X-Gm-Message-State: ALoCoQnQEbrC6elWzgEA7pMpJdGdagpZsWTSG7/iMAqbLxBMkeCan63MoSKGZ7KE3IfQi4HrmCCRNka/5wHPe2nQ/jsBpPjBevFqt5ujrCYb35BFattoUcNpslYEARnL4IcdlXW+Jh2SJSGtdjJ39TVBfaBzOcjjTd1CRTP0E4L0h1YnLmFiHSmYH2FfSr7L9Y+UfQHiMZtk
MIME-Version: 1.0
X-Received: by 10.58.118.36 with SMTP id kj4mr75948716veb.2.1389116445212; Tue, 07 Jan 2014 09:40:45 -0800 (PST)
Received: by 10.52.169.202 with HTTP; Tue, 7 Jan 2014 09:40:45 -0800 (PST)
In-Reply-To: <6E6E4126-34A4-4633-A253-0996646FF5A5@entrust.com>
References: <CABrd9SSRGzC1gnAm+6Wy2w3FamSgvFK09cHqPXAqH7Ky-n8wtQ@mail.gmail.com> <FA82C4B0-80FB-47FC-A4C6-3EE59238ADAC@entrust.com> <CABrd9SRPExNOvmoG5Rhxh-qmpHMeQDGMvRS6-0MQQVi2pG2gnw@mail.gmail.com> <6E6E4126-34A4-4633-A253-0996646FF5A5@entrust.com>
Date: Tue, 7 Jan 2014 17:40:45 +0000
Message-ID: <CABrd9SRDTWKkNkAEkHebhR1jmFHroW9v5qdRPR38vUhYO9Cz2w@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Tim Moses <tim.moses@entrust.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] Revised Draft Charter for Transparency WG
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 17:40:57 -0000

On 7 January 2014 17:26, Tim Moses <tim.moses@entrust.com> wrote:
> Ok.  But that's at least one additional round trip, right?

It does not need to be done before accepting the certificate. CT is
designed around responsiveness at the cost of finding out bad things
happened a little late. But this seems like an acceptable trade-off,
since a log still can only misbehave once (or for a short period of
time), which makes the cost of doing so very high.

> Is it more realistic to say that the protocol fails if ALL of the CA and every timestamp relied upon is untrustworthy?

I'm not sure what you mean by this, but perhaps the above makes it irrelevant?

>
> All the best. Tim.
>
>
>> On Jan 7, 2014, at 12:07 PM, "Ben Laurie" <benl@google.com> wrote:
>>
>>> On 7 January 2014 16:37, Tim Moses <tim.moses@entrust.com> wrote:
>>> Hi Ben.  Is it explained somewhere how it would be discovered that a log had issued a time stamp for a certificate that it then did not log?
>>
>> RFC 6962, Section 5.4 "Auditor".
>>
>>> According to my understanding, the time stamp would only be distributed within a certificate or OCSP response, and (therefore) its existence would not necessarily be apparent to an auditor.
>>
>> If no-one ever sees the certificate, then whether an SCT was issued or
>> not is unimportant. This is why recipients of certificates need to at
>> least audit the certificates they see.
>>
>> In the RFC "auditor" is a role that may be incorporated in other
>> things. From the RFC: "An auditor might be an integral component of a
>> TLS client".
>>
>> There may be a better way of explaining this.
>>
>> Possibly something to this effect should've been added to 5.2. I've
>> added an issue (https://code.google.com/p/certificate-transparency/issues/detail?id=25).
>>
>>> Maybe I missed something.
>>>
>>> All the best. Tim.
>>>
>>>> On Jan 7, 2014, at 11:14 AM, "Ben Laurie" <benl@google.com> wrote:
>>>>
>>>> Problem statement: many Internet protocols require a mapping between
>>>> some kind of identifier and some kind of key, for example, HTTPS,
>>>> SMTPS, IPSec, DNSSEC and OpenPGP.
>>>>
>>>>
>>>> These protocols rely on either ad-hoc mappings, or on authorities
>>>> which attest to the mappings.
>>>>
>>>>
>>>> History shows that neither of these mechanisms is entirely
>>>> satisfactory. Ad-hoc mappings are difficult to discover and maintain,
>>>> and authorities make mistakes or are subverted.
>>>>
>>>>
>>>> Cryptographically verifiable logs[1] can help to ameliorate the
>>>> problems by making it possible to discover and rectify errors before
>>>> they can cause harm.
>>>>
>>>>
>>>> These logs can also assist with other interesting problems, such as
>>>> how to assure end users that software they are running is, indeed, the
>>>> software they intend to run.
>>>>
>>>>
>>>> Work items: Specify a standards-track mechanism to apply verifiable
>>>> logs to HTTP/TLS (i.e. RFC 6962-bis).
>>>>
>>>>
>>>> Discuss mechanisms and techniques that allow cryptographically
>>>> verifiable logs to be deployed to improve the security of protocols
>>>> and software distribution. Where such mechanisms appear sufficiently
>>>> useful, the WG will re-charter to add relevant new work items.
>>>>
>>>>
>>>> [1] A cryptographically verifiable log is an append-only log of hashes
>>>> of more-or-less anything that  is structured in such a way as to
>>>> provide efficiently-accessible, cryptographically-supported evidence
>>>> of correct log behaviour.
>>>>
>>>>
>>>> For example, from RFC 6962: “The append-only property of each log is
>>>> technically achieved using Merkle Trees, which can be used to show
>>>> that any particular version of the log is a superset of any particular
>>>> previous version. Likewise, Merkle Trees avoid the need to blindly
>>>> trust logs: if a log attempts to show different things to different
>>>> people, this can be efficiently detected by comparing tree roots and
>>>> consistency proofs. Similarly, other misbehaviors of any log (e.g.,
>>>> issuing signed timestamps for certificates they then don't log) can be
>>>> efficiently detected and proved to the world at large.”
>>>>
>>>>
>>>> See RFC 6962, http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf
>>>> and http://www.links.org/files/RevocationTransparency.pdf for
>>>> background.
>>>> _______________________________________________
>>>> therightkey mailing list
>>>> therightkey@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/therightkey

v2.8.7 | Report a Bug | By Email