Re: [Trans] Threat model outline, attack model

Ben Laurie <benl@google.com> Sun, 28 September 2014 14:30 UTC

Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 343271A1B08 for <trans@ietfa.amsl.com>; Sun, 28 Sep 2014 07:30:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.165
X-Spam-Level:
X-Spam-Status: No, score=-2.165 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rqasngohOtrE for <trans@ietfa.amsl.com>; Sun, 28 Sep 2014 07:30:18 -0700 (PDT)
Received: from mail-qg0-x234.google.com (mail-qg0-x234.google.com [IPv6:2607:f8b0:400d:c04::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A271D1A1AF8 for <trans@ietf.org>; Sun, 28 Sep 2014 07:30:18 -0700 (PDT)
Received: by mail-qg0-f52.google.com with SMTP id z60so1196377qgd.25 for <trans@ietf.org>; Sun, 28 Sep 2014 07:30:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ylqwxxIZJEJsMlcgJMBgfrN51EVG6b9pahrmHqZYgXs=; b=RV8kbBEwCWcmyaCy6sfhTsd610qPfK0dpbsYNw+maUqyMPS0L4MGpAJoNl0/kygwHm q+XVMw7bzSzwnPcpWV/P6Dm4YZHXL6BNLcPBs6dumyh+c0S2RtWzu4RMP5Vfs3RdGLBN GoEhoCLoBYSrzMaFh8WEseDjQcdad8puMX9dk7siPQ9b8hNDQny13AzQNVpOtAx+AzGW trSz1sAYBrikA39VY0GdJiDsPxETVVA5fhrkZD//4PS7nF0yB/gZWmo/RGnL977gLalj Kx7H8x0W5c1zBVwdlAEhzT1BKSFebz5aHJ8OXDMi4NlIOEwOBjhkxrYDyk5Etg7XjxVO iwcw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=ylqwxxIZJEJsMlcgJMBgfrN51EVG6b9pahrmHqZYgXs=; b=eN3vutUMOmyBmwWgKdS5vd56GGfFSOeXG36581ywbcLaKyhNTtaVTc6j7nEvIyp8TZ vfR/renX1P7/ZrBtR0czRzU7lIImKCHfsKaa21XyNWD9d8ULbCvr7Xrlm6jBJL7osD/y pXk7mfRBT57E12eUxQA4Mnb65DY663IuAFB1yPKnn3Ey7/nEdqoRkfGzGGhTgER3IFWh O5aSbsDMRiEBrfs9oq5+m80tI9zGBhyToaalQR+8sDoXxZiZQIoKnYhMeE8u0cE9FSb7 UFWafU1G24Go8WNwbvPg4KT/CWruhIQv2jaO9F3fxAb9Zyntx2t1dgHGErPJU1Qy4vtk ub9g==
X-Gm-Message-State: ALoCoQmhh1Vb3+4JuIB9qWHOAB8kQR3TOmkBR4mdv03tcaAXzhCYwE9LHSfQ/MjjajAVIA6B7qKF
MIME-Version: 1.0
X-Received: by 10.224.137.3 with SMTP id u3mr2135543qat.82.1411914617694; Sun, 28 Sep 2014 07:30:17 -0700 (PDT)
Received: by 10.229.247.198 with HTTP; Sun, 28 Sep 2014 07:30:17 -0700 (PDT)
In-Reply-To: <77D4B290-D2C8-44D7-AF84-A0A1B91B9557@taoeffect.com>
References: <5411E511.1040605@bbn.com> <CABrd9STmog8-JZCg9Tfv_ToUswY=9LBcZAPQM2cqUVcO0dhAnQ@mail.gmail.com> <54173589.3000404@bbn.com> <CABrd9SRShqm1r-2ajbqD5w1s686ciyjcEvywsXZaapgmi57NsA@mail.gmail.com> <54242F8A.2080602@bbn.com> <CABrd9SSwAdv-mAgofNT6bMWky7q=bZhAaX=L4gZUQDkROQ-3ZA@mail.gmail.com> <54258AF0.7090602@bbn.com> <4842B04F-A058-4F3C-9DA3-F29735EC7570@taoeffect.com> <alpine.LFD.2.10.1409262236210.27616@bofh.nohats.ca> <FC4A18E2-A42C-472F-B9FE-2278BB5A0BBA@taoeffect.com> <CABrd9SQBuQO1wrv7s06aT-GGyeWmu2sFzJrH6a+t81aq-dei+w@mail.gmail.com> <77D4B290-D2C8-44D7-AF84-A0A1B91B9557@taoeffect.com>
Date: Sun, 28 Sep 2014 15:30:17 +0100
Message-ID: <CABrd9SS67TB_9qC=ObC_1jPF8daXD-ErV8KCs_5w-wni3WORpA@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Tao Effect <contact@taoeffect.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/28GbYWv8fwD-oCftv0qD3YOko_Q
Cc: Paul Wouters <paul@nohats.ca>, "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Threat model outline, attack model
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Sep 2014 14:30:20 -0000

On 27 September 2014 17:58, Tao Effect <contact@taoeffect.com> wrote:
> Dear Ben,
>
> On Sep 27, 2014, at 4:53 AM, Ben Laurie <benl@google.com> wrote:
>
> I agree that CT doesn't mitigate mis-issuance for subjects that do not
> participate.
>
>
> If by "participate" you mean owners who submit their certs to logs, CT
> doesn't detect mis-issuance even for those who do, as that email explained.

By "participate" I mean monitor (or cause to be monitored) the logs.

> On monitors and guarantees - anyone can run a monitor,
> including, of course, the subjects themselves, so clearly there's no
> barrier to participation for subjects who want to participate.
>
>
> "No barrier"? Subjects (domain owners) would need to monitor *all* the logs
> out there.
>
> There will be like 1000+ logs out there.
>
> Each log will be how large (gigabytes?), and CT is not P2P, so Monitors must
> *poll* 1000+ logs constantly for updates, just for the purpose of detecting
> mis-issuance.

The total size is presumably some smallish multiplier of the total
number of valid certs, so certainly not terabytes as you imply. I
don't believe there will be as many as 1,000 logs, though I do believe
CT would still work if there were.

> On top of this, Section 4.6 of your RFC (bis-04) states that logs are not
> required to send monitors everything they ask for, making it unclear whether
> a log is misbehaving or not.

You really are clutching at straws. Yes, perhaps 4.6 should say that
at least one entry must be returned.

> This is not practical.
>
> ###
>
> But that is all besides the point.
>
> The point is that gossip doesn't detect mis-issuance, whether or not
> "subjects participate" in CT or not.

Gossip detects misbehaviour on the part of logs (in particular,
advertising different logs to different people).

>
> Kind regards,
> Greg Slepak
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>