Re: [Trans] Write-up of the "Strict CT" variant
Ryan Sleevi <ryan-ietf@sleevi.com> Tue, 23 May 2017 14:32 UTC
Return-Path: <ryan-ietf@sleevi.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43509129B53 for <trans@ietfa.amsl.com>; Tue, 23 May 2017 07:32:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.499
X-Spam-Level:
X-Spam-Status: No, score=-1.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_SPAM=0.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sleevi.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t94M1lAcVFNT for <trans@ietfa.amsl.com>; Tue, 23 May 2017 07:32:06 -0700 (PDT)
Received: from homiemail-a106.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9F34126DFF for <trans@ietf.org>; Tue, 23 May 2017 07:32:05 -0700 (PDT)
Received: from homiemail-a106.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a106.g.dreamhost.com (Postfix) with ESMTP id 6B13630002925 for <trans@ietf.org>; Tue, 23 May 2017 07:32:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type; s=sleevi.com; bh=pE5tLs7XAJygn1VT/A8cI91m37U=; b= JR1VmrX4S8/kBCVzPZeQQcTQUh6aZaNDHClnk6R4zCsLnqJmMs9q2D/+Frl4SIsf mz3CML1zInz2qnwbM3t58dngyUMviYYdpSb9B93DBaOcL8b/3KN7TaXA7a7iBRq4 MTgnOsPEVlsnJx5KPn24uW+rrtacMU2czBxET215ueE=
Received: from mail-wm0-f42.google.com (mail-wm0-f42.google.com [74.125.82.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ryan@sleevi.com) by homiemail-a106.g.dreamhost.com (Postfix) with ESMTPSA id 4529A30002924 for <trans@ietf.org>; Tue, 23 May 2017 07:32:05 -0700 (PDT)
Received: by mail-wm0-f42.google.com with SMTP id b84so27186312wmh.0 for <trans@ietf.org>; Tue, 23 May 2017 07:32:05 -0700 (PDT)
X-Gm-Message-State: AODbwcCTT/fCmHgtMGnEIQYZtbhDdC8DkeJsdtLcpBr1Hf3z5WElUta+ qVLLsnOuFMXjI4hpNyBjoqWCX6PV9w==
X-Received: by 10.223.136.165 with SMTP id f34mr655134wrf.134.1495549923816; Tue, 23 May 2017 07:32:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.128.164 with HTTP; Tue, 23 May 2017 07:32:03 -0700 (PDT)
In-Reply-To: <CALzYgEe1e0TSzcFnby_rHhgJyqPLrBi0k3w3kWSNs9-hC1KjGA@mail.gmail.com>
References: <CALzYgEeUCmj4BgY7uKdMnsvTcbvfAunquuqHxD7FxuzZxY1=Fg@mail.gmail.com> <CAErg=HEJNXtjzaaiOAA_Xtrie2jF7=47emp_d7XCCahYjJwdkg@mail.gmail.com> <CALzYgEe1e0TSzcFnby_rHhgJyqPLrBi0k3w3kWSNs9-hC1KjGA@mail.gmail.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Tue, 23 May 2017 10:32:03 -0400
X-Gmail-Original-Message-ID: <CAErg=HG25Q3_iY_c6OWbWUANj4U1++diGKaQzPKGcYFFzLd9KA@mail.gmail.com>
Message-ID: <CAErg=HG25Q3_iY_c6OWbWUANj4U1++diGKaQzPKGcYFFzLd9KA@mail.gmail.com>
To: Eran Messeri <eranm@google.com>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, "trans@ietf.org" <trans@ietf.org>
Content-Type: multipart/alternative; boundary="001a11491f7af4045b055031d976"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/2kJMTJxiJxNn5d7LVzGNWiH1cPE>
Subject: Re: [Trans] Write-up of the "Strict CT" variant
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 May 2017 14:32:07 -0000
On Tue, May 23, 2017 at 9:49 AM, Eran Messeri <eranm@google.com> wrote: > > > On Tue, May 23, 2017 at 2:26 PM, Ryan Sleevi <ryan-ietf@sleevi.com> wrote: > >> A variation of this to consider: >> >> - CAs already MUST update their OCSP responses on a 3.5 day interval (by >> virtue of Microsoft's program requirements), which I'm working on codifying >> with the Baseline Requirements since they are, effectively, a baseline that >> Microsoft has defined >> >> A UA could define that: >> - CAs MUST include the SCT and an inclusion proof from that SCT to one of >> the 'blessed' STHs >> > In the OCSP response, I assume? > Yes, apologies :) > - There is a rolling two week window of 'blessed' STHs (using whatever >> selection scheme appropriate) >> >> Whether this is the opt-in server basis or for all connections, this >> could provide a privacy-preserving proof-of-inclusion with stronger >> guarantees. This is built on existing 6962-bis primitives (AIUI), and >> simply an exercise in UA policy. Further, this does not inhibit nor >> substantially change the implementation story for other user agents - which >> could still support other forms of SCT delivery (e.g. precerts, TLS) with >> asynchronous inclusion proof checking. >> > Seems to me like a simpler way to achieve the same requirements, and so > favourable. It does depend on clients fetching OCSP responses / OCSP > stapling by servers, correct? > Right. It leverages the existing update infrastructure for OCSP responses on stapling-supporting servers (or potentially in clients), and externalizes the cost of tracking the 'blessed' STH onto the CA, rather than to the millions of site operators. This keeps relative consistency with the original design of CT, which was to find the points in the Web PKI ecosystem most flexible to change (CAs) and deploying the robust fixes there. This certainly increases the friction to change - servers supporting robust OCSP stapling becomes a potential necessity - but it allows UAs to make those tradeoffs using the appropriate building blocks, based on their (or the site's) risk profile. This makes it even more of a preventative measure, at greater cost, but some UAs may feel that tradeoff is appropriate.
- [Trans] Write-up of the "Strict CT" variant Eran Messeri
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Eran Messeri
- Re: [Trans] Write-up of the "Strict CT" variant Eran Messeri
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Andrew Ayer
- Re: [Trans] Write-up of the "Strict CT" variant Andrew Ayer
- Re: [Trans] Write-up of the "Strict CT" variant Magnus Ahltorp
- Re: [Trans] Write-up of the "Strict CT" variant Tom Ritter
- Re: [Trans] Write-up of the "Strict CT" variant Filippo Valsorda
- Re: [Trans] Write-up of the "Strict CT" variant Jacob Hoffman-Andrews
- Re: [Trans] Write-up of the "Strict CT" variant Magnus Ahltorp
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Magnus Ahltorp
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Magnus Ahltorp
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Phillip Hallam-Baker
- Re: [Trans] Write-up of the "Strict CT" variant Watson Ladd