IETF Logo Mail Archive

Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior

Eran Messeri <eranm@google.com> Tue, 20 October 2015 13:46 UTC

Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C77A1A8A4C for <trans@ietfa.amsl.com>; Tue, 20 Oct 2015 06:46:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kfW85u9knM9i for <trans@ietfa.amsl.com>; Tue, 20 Oct 2015 06:46:18 -0700 (PDT)
Received: from mail-io0-x229.google.com (mail-io0-x229.google.com [IPv6:2607:f8b0:4001:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A44221A8A42 for <trans@ietf.org>; Tue, 20 Oct 2015 06:46:17 -0700 (PDT)
Received: by ioll68 with SMTP id l68so22278643iol.3 for <trans@ietf.org>; Tue, 20 Oct 2015 06:46:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=odU8UfCQg3fzv8oJEUUpOvLBv5KSLdbowuLiqfTwONI=; b=Kc2MfZWWyGGaoTaRae35mMB7fQmLHK6Aw6nepJFV6mpHjMrNvN7fKTl1XF8RaicwE1 Cufz04qMwb2RcQISLMFfm8Et6dWixtK22LdI8sDI9rfbQRtSzG7vj72v/oRDIeCrL+eO UBnfSmnnuGV134g5AaEjKCo+P/kydjAjjxaBz8BnZI5bbZcAYZR1ohrM57VJfAVrnTgw yNkgpoJG/Z8gRwrrF3Gu8lLtCSH7ts7u2/AXsQDsuI1d+Awiuz2+zBIqybw0J953Gzyu n3aGn7tYI7+OWnPo4/xwZ6B+e0lkHk6k7YdfOb1aqzhqEVNBb01avAbMrkmxI1/CTmlQ AJiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=odU8UfCQg3fzv8oJEUUpOvLBv5KSLdbowuLiqfTwONI=; b=U+DPtLdpesQRJj+xFAmEfltvvuTbHEGYIvrBSOx+VGiMuZgybmZA/AmzuGGkbIknuV 6tEIfAPTyJ7XFGKKHztoT92VWDtT18JLQrWzZeVBg1OCPG066ci78ylMh8mhiq+GTZkh v3LSBsC7g2J1IswNC2TDAncaQv7tXvr+N790YpdxAK3kWvr4+YTFpoi9P/9A2lKZS04o OJOdVkIWmT3wMmTjc5HiXWYl6uoEJGzdiDKPOzuAHPboMdecbxTPgVRxHFv7BJh4a0n2 Vj10Gl4k1sbYtEgiH8og9SxnNRE1pxxXX3p8wZghqEgAZrn5H8iQi5AlcHFn8b716n92 6cRA==
X-Gm-Message-State: ALoCoQk6TnkR5KnFesvnx1qAb+4ZCOUt+XPl9irHXR0aKJy+cpED9rlJWBWvandFnkhYdelG2gKE
MIME-Version: 1.0
X-Received: by 10.107.12.197 with SMTP id 66mr2449242iom.145.1445348776972; Tue, 20 Oct 2015 06:46:16 -0700 (PDT)
Received: by 10.64.233.4 with HTTP; Tue, 20 Oct 2015 06:46:16 -0700 (PDT)
In-Reply-To: <CABEqWMC=pJUMEn8DxxTn6VTBs9hpayC-ZVUwcGdvg=PEw-Q=Rg@mail.gmail.com>
References: <CA+cU71m0wpnD1ZYOTtr=oW+1BjquFxyagtMt+wgCgC_PD0PE-g@mail.gmail.com> <CABrd9SQd2RETKQWe9-_KCHufAWjBhs2k008vEz-5cyM_gbY4Qw@mail.gmail.com> <E1812BE0-BD94-4050-95DB-C0483303AFF2@isoc.org> <CABEqWMC=pJUMEn8DxxTn6VTBs9hpayC-ZVUwcGdvg=PEw-Q=Rg@mail.gmail.com>
Date: Tue, 20 Oct 2015 14:46:16 +0100
Message-ID: <CALzYgEfsEOyuo9Ez2JqoMJ=WzZ3mFY+eTe6L2F6ZSLJEiVJAJQ@mail.gmail.com>
From: Eran Messeri <eranm@google.com>
To: Katriel Cohn-Gordon <me@katriel.co.uk>
Content-Type: multipart/alternative; boundary="001a113f9bb06ddd730522897c8a"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/3BvCAjBmPjnDL4aphltyjyX3e8o>
Cc: Robin Wilton <wilton@isoc.org>, "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2015 13:46:24 -0000

+1 for reporting it backed to the alleged origin - the problem Tom
describes is significant as the client would want to hold onto these
suspicious pieces of information until it is confident it has been
reported, but has no way of knowing if the report has been acknowledged by
the 'genuine' origin.

One option is to not prescribe when clients drop such pieces of
information, so clients are free to re-send it multiple times or even
forever, until an out-of-band signal (i.e. a client software update) is
received to indicate to the client that this information has been received
and acted upon.

On Tue, Oct 20, 2015 at 2:22 PM, Katriel Cohn-Gordon <me@katriel.co.uk>
wrote:

> On Tue, Oct 20, 2015 at 1:53 PM, Robin Wilton <wilton@isoc.org> wrote:
>
>> If it’s not appropriate, under these circumstances, to forfeit some
>> degree of origin privacy by invoking at least one auditor, then I think we
>> need to consider how to mitigate the risk that the origin is a bad actor.
>
>
> ​The context for this attack is a colluding malicious CA and log server,
> right?​ If so, is CT even intended to handle a colluding website, CA and
> log server?
>
> (Incidentally, since a log server knows when it is releasing proof of
> cheating, I suppose malicious servers would generally opt to error instead
> of proving their misbehaviour.)
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>
>

v2.23.0 | Report a Bug | By Email