Re: [Trans] Volunteer opportunity! (was Re: DNSSEC also needs CT)

Dmitry Belyavsky <> Tue, 27 May 2014 14:32 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id ACA561A0366 for <>; Tue, 27 May 2014 07:32:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7c6KPlxYTaaz for <>; Tue, 27 May 2014 07:32:51 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4002:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 262031A034E for <>; Tue, 27 May 2014 07:32:51 -0700 (PDT)
Received: by with SMTP id z6so7483535yhz.11 for <>; Tue, 27 May 2014 07:32:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=CIWXjjy1wyn/o1PgF4CsQMBHwx1ujmbyvU7Xink6qpk=; b=OXr7Hvkg8IdI41JqEDXpe1/t0A6d8XsrNeArlnDVQ/7IC7qCNTYeCNJZecgap+c6i6 n0bbeYxXeDuSPDCLoGbCMZjR6X33+C8E2cgbq3+PTDQ3bbXoib7yvfhs8IBFTCWq0qZg rd/WpCRO5YNmx2iVAYx0osxGhdru4u1DEUk3VTO8lN4Qhzcvu4ncdwHvUorBdAychBjv w6QBRLeWB+UDO9BJwiX1QNDWEhO2SC2Rt6GyvcNiBwTWiwsdv58Nz6/FHUtSHBOXXERQ o+f73wItRVo0XXKEdjtw8UCNQGE/hB66/ZWTvQWy2GGWnmRyykKUL8/eswoj4WIOvJDi i39Q==
MIME-Version: 1.0
X-Received: by with SMTP id l43mr47294920yhf.40.1401201167535; Tue, 27 May 2014 07:32:47 -0700 (PDT)
Received: by with HTTP; Tue, 27 May 2014 07:32:47 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
Date: Tue, 27 May 2014 18:32:47 +0400
Message-ID: <>
From: Dmitry Belyavsky <>
To: Stephen Kent <>
Content-Type: multipart/alternative; boundary="20cf3010e34dd9968e04fa629102"
Cc: "" <>
Subject: Re: [Trans] Volunteer opportunity! (was Re: DNSSEC also needs CT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 27 May 2014 14:32:53 -0000

Hello Stephen,

Here is my understanding of the question you asked.
Let Ben or Rob fix me if I'm wrong.


   Anybody is allowed to operate log. But there should be a procedure
   (similar to CA/Browser forum) which is determined to register log as
   “important” (we need a better word). There should be not many “important”
   log servers, I suppose — otherwise we are to get the same problem as we
   have with many CAs.

   Any log-server can select the list of acceptable CAs. I think that
   “important logs” should cover all the CAs supported by major browsers.

   Any log server can select the algorithm of hash for Merkle Tree and for
   its key signing the SCTs.

   Each browser should provide an editable way of managing logs. By default
   it should be a reasonable subset of “important” logs.

   Each CA can be accepted by more than one log.

   Browsers should

      allow user to accept the cert without CT providing warning about
      absence of CT

      allow user to specify absence of log for this or that domain
      (non-public suffix)

      allow user to a particular log for this or that domain and return an
      error if there is no SCT for id provided by this log.

      there should be a procedure of report about log misbehaviour in case
      of invalid log records

   I think that warning is acceptable in case of an absence of SCTs, but in
   case of cryptographic errors the error should be generated.

On Thu, May 22, 2014 at 10:12 PM, Stephen Kent <> wrote:

>  Dimitry,
> Thanks for posting the list below.
> I have become very concerned that the doc we're working on describes a
> mechanism,
> but we seem to lack a good description of the architectural context in
> which CT
> is supposed to work. The intro text for the I-D is not at all adequate for
> this.
> Maybe the charter for this WG would have included the need to publish a
> doc of
> this sort if we had gone through the usual BoF process :-).
> I'd like to see a doc that addresses a number of points that are now
> beginning to
> be raised by several folks:
>     - who is expected to operate logs, does every log cover all CAs, is one
> log per CA (even if operated by someone else) adequate, how are users
> supposed to
> select logs (what the UI like?), etc.
>     - how are browsers expected to deal with missing SCTs, missing or
> non-matching
> log entries, (crypto) invalid log entries, etc. are browser actions
> supposed to be
> effect in real time or is this deferred activity model?
>     - hard fail vs. warnings for CT "exceptions?"
>     - how are browsers expected to deal with certs from CAs that are not
> part of the Web PKI?
>     - what are the fallback plans if some number of the Web PKI CAs elect
> to not
> participate?
>     - same question for major browser vendors?
>     - what are the plans for alg aglity, for logs?
> CT is a system, not just a handful of mechanisms. It needs to be described
> that way.
> Although not perfect, I suggest the set of RFCs that describe the RPKI is
> illustrative
> of the many aspects of a global system (with PKI aspects) that need to be
> documented.
> Steve
>  Here are my ideas about "strict" behaviour of the TLS client:
>  ==============
>  TLS clients supporting CT are supposed to have a preconfigured set of
> logs and
> their public keys.
>  In addition to normal validation of the certificate and its chain, they
> should
> validate the SCTs received during the TLS connection.
>  The client fully conforming to the specification SHOULD perform the
> following
> steps before establishing the connection for every certificate in the
> chain:
>  1. If no SCTs are provided, the client SHOULD reject the connection.
>  2. The client MUST ignore all the SCTs provided by unknown logs.
>  3. TLS clients MUST reject SCTs whose timestamp is in the future.
>  4. If no SCTs has left after steps 2-3, the client SHOULD reject the
> connection.
>  5. If any of SCTs left after steps 2-3 has invalid signature, the client
> SHOULD reject the connection.
>  Client MAY check whether the certificate is present in the log
> corresponding to the passed SCT.
> If the certificate is not present in the log, the connection MUST be
> rejected.
>  =============
>  Can it be a starting point or you want something else?
>  --
> SY, Dmitry Belyavsky
> _______________________________________________
> Trans mailing listTrans@ietf.org
> _______________________________________________
> Trans mailing list

SY, Dmitry Belyavsky