IETF Logo Mail Archive

Re: [therightkey] Draft charter for a Transparency Working Group

Ben Laurie <benl@google.com> Wed, 11 December 2013 18:28 UTC

Return-Path: <benl@google.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72FBF1ADFE5 for <therightkey@ietfa.amsl.com>; Wed, 11 Dec 2013 10:28:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.38
X-Spam-Level:
X-Spam-Status: No, score=-1.38 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZrNtu1Eyy_Jv for <therightkey@ietfa.amsl.com>; Wed, 11 Dec 2013 10:27:59 -0800 (PST)
Received: from mail-vb0-x22a.google.com (mail-vb0-x22a.google.com [IPv6:2607:f8b0:400c:c02::22a]) by ietfa.amsl.com (Postfix) with ESMTP id EC03C1ADFD3 for <therightkey@ietf.org>; Wed, 11 Dec 2013 10:27:58 -0800 (PST)
Received: by mail-vb0-f42.google.com with SMTP id w5so1934772vbf.29 for <therightkey@ietf.org>; Wed, 11 Dec 2013 10:27:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=0oRH9nRmPqrcXEh0PvnDIfsXTzNFtjvn5/O0cAOQRFI=; b=lvRuGGz2keBFkmitzDWL0BviPeG8D7a/gEuevrmUVjuWvCN85+yp9GB9T/U6aLXQkN vK5ow0+P2VzXqQk8no6bpSBQXb/XyE9qlploS9bZrfa0S9fbFOMKiisBqvXUN2vUznzz wP6hhlSt0ljI5w4wKenzgO9UWpThrvXChZFXvmtMCIOJbr4uJZFa8eq14MkMt7iprMtJ 3RyVba4ExbN2uNkjp7Q5IKHddl4v7U8TphuuOYsEw8MMvmLmWYhJoSzdUiTAuSh+Kvnh v8/ROOhjUExDSwQe7v9ON8fl3emPT8QWeXk2/bddmlf69Gh5nB+CargI+D2QTgHNiTmE 4/YQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=0oRH9nRmPqrcXEh0PvnDIfsXTzNFtjvn5/O0cAOQRFI=; b=jDNhh3jA8VkAUx1nSN+wN/hCJ5V/WE7BwTMnrhSqLeDHLQ4prqzUC3CrydR4CZa/uS CKvc1vUUaWOOySx+357UZLYzpWAxBjXManxhRqjD87aXiO3WIf5NJeJpwjbkPfFGha9V ksfWbXidlTjn7ht9zy310D1u2U3u/BG8mxibHs0L69PqX9lTvgRsgBQ//JSMj7pm5QLV OCDTrlQtBj2yAtQEkbxwmwnADTH1ZBw7zTUWKi9ajguewyybnbAwkEUPfSbYqqKOBJ7W 3Q51tZ9GuZxU+NTfgKa6/DT7IQUmyW6SXwJIC/1qBUCZlLr5dQkMc7b8YSKJ8kXm6n4k yKRA==
X-Gm-Message-State: ALoCoQlb7EazmzaCQIS0dpWpQuIpImfhhilOdWJLY/fzFdYtMC6GE1lHpM1j1BHvMmXPJEKJPhCeyS3TdwRRAEBzOTt9dpfMhNDFVq7zH4P66IAJ7w/YJ9WogrEq49xqhf3e32DHf93s30mYRapadqhSBELcifIYkzFQcs40+RZR/VFszNKei58BYq1v6V/XKyd/++tch6de
MIME-Version: 1.0
X-Received: by 10.52.27.170 with SMTP id u10mr419454vdg.74.1386786472958; Wed, 11 Dec 2013 10:27:52 -0800 (PST)
Received: by 10.52.183.65 with HTTP; Wed, 11 Dec 2013 10:27:52 -0800 (PST)
In-Reply-To: <52A8A245.9070408@fifthhorseman.net>
References: <CABrd9SSzGJy18tf_iR5jFNk-sJyX66OPhmM4H23K5X2ZpWniyQ@mail.gmail.com> <52A8A245.9070408@fifthhorseman.net>
Date: Wed, 11 Dec 2013 18:27:52 +0000
Message-ID: <CABrd9SRogtDpxfC65SU+vF4fopoy7fHbdeneTJ_jLjvO+UBE+Q@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] Draft charter for a Transparency Working Group
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2013 18:28:00 -0000

On 11 December 2013 17:35, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> I'm interested.  I think this has strong potential for improved
> authenticity on the 'net (and improved confidentiality follows from that).
>
> However, I'm also concerned that cryptographically-verifiable global
> logs create an enumeration concern for the space that they log.  This is
> similar in some ways to the issues raised around DNSSEC's NSEC (and not
> particularly effectively addressed by NSEC3).  Enumerability like this
> is potentially a major table of metadata that could potentially be abused.

Agreed, at least for some protocols. I think this area has already
been well thrashed out for HTTPS certificates, the initial target,
which are _mostly_ public. It seems we have good mechanisms in place
for those who want public CAs to issue private certificates, too (that
is, name-constrained intermediates).

> I'd appreciate it if any Transparency Working Group explicitly tries to
> address concerns around enumerability.

This is a _hard problem_, and verifiable logs suffer from the same
limitations that NSEC3 does, at least as currently envisaged.
Mechanisms akin to name constraints can perhaps go some way towards
addressing this issue in general, but the general problem I have no
idea how to solve. But it would seem to be on-topic for the general
case.

Possibly we have to admit we have no such mechanism for namespaces we
want to be non-enumerable.

v2.23.0 | Report a Bug | By Email