IETF Logo Mail Archive

Re: [Trans] How to redact an entry

Phillip Hallam-Baker <ietf@hallambaker.com> Wed, 16 November 2016 03:54 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6623A12961F for <trans@ietfa.amsl.com>; Tue, 15 Nov 2016 19:54:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XL0JnlOalPK0 for <trans@ietfa.amsl.com>; Tue, 15 Nov 2016 19:54:19 -0800 (PST)
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 118FB1293FC for <trans@ietf.org>; Tue, 15 Nov 2016 19:54:19 -0800 (PST)
Received: by mail-wm0-x235.google.com with SMTP id t79so43783936wmt.0 for <trans@ietf.org>; Tue, 15 Nov 2016 19:54:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=EIGNfZ3QWnQpeBeSwJj9Rm3P/dCzg9E0vY0tmhz/6cY=; b=fhMPmY/K4/OTEMLVZNCHyIwZMaMxDy2jnZobR8ylP96ojALCrWxwEMFbGqhHRebzg+ oqhJ24GqZOFLZnmiTpA3CQz012ohHR+p+eYtYJvoP2513WcI0TmRDGkx3CYSuHVPuKGI tMlEf8cWar7YkvLrUFkZN0/KqjdCr7WSxUtvi0yUJUDJJqAxAOO6jNnRs638TE4iLxEl MyO52plrMnlBRfTayOBd7Si82X8baxtpwIJZarHGF3HPN5phF9Mzf5Dmvax4dQlbq5TN UPOQeN3pkcGPOThZz9UGLO2FYjZ2tbYVgjI9D8Pi2JI6Qi7JHz2/SItk6oMvuTqxLmQC 7R9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=EIGNfZ3QWnQpeBeSwJj9Rm3P/dCzg9E0vY0tmhz/6cY=; b=UELJuKzfmGoe2mdKzNacOie6GxNkgdZzZ4fsF/FhRQKdUWoOc6Rf9wduiKl08Ow9vl wylBZect+2eWkrbhFiRN1lDx8GAE6DBpzkWRBEwte6bc9z5maxS4cpR3ruzYeUo1bNrb JwafYaItZtQhER8o3tfR+AIEOkY7SHozMDeoteSyiB7DhiIdUITfkbREPWYmtq7XAhmn IFdBsvJ+2fAJCsgJoeINqL1j8E9pqMXWGBvbp2FN8n9TQzV657YC20E9yAen90Tf0TmW OeA+a+2BsUATo3Mhe0sGCqjzANiFHfC6BMikEaPbtGGaaZaPq9PX5r9RBBT+Tb9isJqN yDWw==
X-Gm-Message-State: ABUngvc2pxJIdRA3VJDuBGrl1Ada/K3+P4JTAr6+T6i+kj8poV6LR2ZSWMZZEMUNGYzp3IsBJewMDd4kgNhaKQ==
X-Received: by 10.28.198.67 with SMTP id w64mr7580350wmf.13.1479268457621; Tue, 15 Nov 2016 19:54:17 -0800 (PST)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.194.3.41 with HTTP; Tue, 15 Nov 2016 19:54:16 -0800 (PST)
In-Reply-To: <4E665C5B-BC28-428E-9BFB-626D3364E05B@nohats.ca>
References: <CABrd9SSeePrsNq8ERjxpbEvUAdyb=yQOGAom0qh9SZMoP=nsMw@mail.gmail.com> <CAMm+LwiZUw+JpEanY5vkxGBOtdrs9HfYzp34cBtwDv34uJCjKw@mail.gmail.com> <4E665C5B-BC28-428E-9BFB-626D3364E05B@nohats.ca>
From: Phillip Hallam-Baker <ietf@hallambaker.com>
Date: Tue, 15 Nov 2016 22:54:16 -0500
X-Google-Sender-Auth: _spOsDcV9TbelVdISFsLgPSE1as
Message-ID: <CAMm+Lwib-KEL5snVzvLidE163_Hy_mVJm4k_bX5iQgzC9drRQw@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Content-Type: multipart/alternative; boundary="94eb2c193638f1acbc05416306fe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/1fD9KzB-8BtuoFoJKf4zq-SXz8k>
Cc: "trans@ietf.org" <trans@ietf.org>, Ben Laurie <benl@google.com>
Subject: Re: [Trans] How to redact an entry
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2016 03:54:21 -0000

That particular attack is certainly an issue for some linked notary logs.
The point of CT is to prevent insertion attacks, to ensure that only items
entered into the log are notarized.

What is the harm you see being caused by suppression? Remember that a party
that has the actual data can still prove that it was enrolled.


On Tue, Nov 15, 2016 at 10:46 PM, Paul Wouters <paul@nohats.ca> wrote:

> How can I as log consumer detect the difference between the log removing
> illegal content and the log being compelled by a government to hide a rogue
> certificate?
>
> Sent from my iPhone
>
> On Nov 16, 2016, at 10:01, Phillip Hallam-Baker <ietf@hallambaker.com>
> wrote:
>
>
>
> On Tue, Nov 15, 2016 at 2:49 PM, Ben Laurie <benl@google.com> wrote:
>
>> Eran asked me to briefly describe how redaction in a transparency log
>> would work.
>>
>> First, we introduce a new leaf type, "Redacted". The content of this
>> leaf is simply the hash of the original leaf, the entry number of the
>> redaction reason entry (see below) and a signature over the content by
>> the log key.
>>
>> Rather than hashing this entry, verifiers simply use the enclosed hash
>> to calculate the tree hash.
>>
>> Secondly, we introduce a second new leaf type, "Redaction reason".
>> This leaf contains two things: the entry number of the redacted entry
>> and a textual explanation of why it was redacted (possibly we need to
>> get a little more elaborate here, but perhaps the simplest thing to do
>> is to allow it to include URLs to point to any supporting material).
>> This leaf type would be hashed in the usual way.
>>
>> Observers of the log can verify that every redacted entry has a
>> corresponding redaction reason entry, and if not, can produce proof it
>> does not (this is why the redacted entry has to be signed directly).
>>
>> Note that the redacted entry could not include the entry number of the
>> redaction reason, if preferred, though that would force an observer of
>> that entry to download the whole log to verify the reason and also
>> would make proof of non-compliance bulky. :-)
>>
>
> ​I decided I had to do something of this sort in the Mesh notary log. It
> is probably a good idea to do it as a matter of course.
>
> Lets consider the general case for a moment, what happens if someone puts
> some child pornography into the log. Obviously you can't publish it or you
> go to jail. So you have to take it out which breaks the log.
>
> So either you have to devise a scheme that you are certain cannot be used
> to publish abusive material or you have to have a way to suppress it
> either. I think the second approach is better.
>
>
> Of course putting bad stuff in a Trans log would be a lot more effort than
> putting it into the blockchain or the like. But don't think it is
> impossible. I have a few attacks that are worrying enough not to want to
> share in public. The sort of thing that has Special Branch making house
> calls.
>
> So I would hash the received data values before enrolling the hash in the
> notary log as a matter of course.
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>
>

v2.35.0 | Report a Bug | By Email | System Status