Re: [Trans] Threat model outline, attack model

[Ben Laurie <benl@google.com>]

On 27 September 2014 17:58, Tao Effect <contact@taoeffect.com> wrote:
> Dear Ben,
>
> On Sep 27, 2014, at 4:53 AM, Ben Laurie <benl@google.com> wrote:
>
> I agree that CT doesn't mitigate mis-issuance for subjects that do not
> participate.
>
>
> If by "participate" you mean owners who submit their certs to logs, CT
> doesn't detect mis-issuance even for those who do, as that email explained.

By "participate" I mean monitor (or cause to be monitored) the logs.

> On monitors and guarantees - anyone can run a monitor,
> including, of course, the subjects themselves, so clearly there's no
> barrier to participation for subjects who want to participate.
>
>
> "No barrier"? Subjects (domain owners) would need to monitor *all* the logs
> out there.
>
> There will be like 1000+ logs out there.
>
> Each log will be how large (gigabytes?), and CT is not P2P, so Monitors must
> *poll* 1000+ logs constantly for updates, just for the purpose of detecting
> mis-issuance.

The total size is presumably some smallish multiplier of the total
number of valid certs, so certainly not terabytes as you imply. I
don't believe there will be as many as 1,000 logs, though I do believe
CT would still work if there were.

> On top of this, Section 4.6 of your RFC (bis-04) states that logs are not
> required to send monitors everything they ask for, making it unclear whether
> a log is misbehaving or not.

You really are clutching at straws. Yes, perhaps 4.6 should say that
at least one entry must be returned.

> This is not practical.
>
> ###
>
> But that is all besides the point.
>
> The point is that gossip doesn't detect mis-issuance, whether or not
> "subjects participate" in CT or not.

Gossip detects misbehaviour on the part of logs (in particular,
advertising different logs to different people).

>
> Kind regards,
> Greg Slepak
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>