Re: [Trans] Write-up of the "Strict CT" variant
Jacob Hoffman-Andrews <jsha@eff.org> Tue, 06 June 2017 19:28 UTC
Return-Path: <jsha@eff.org>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 942631294B2 for <trans@ietfa.amsl.com>; Tue, 6 Jun 2017 12:28:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.002
X-Spam-Level:
X-Spam-Status: No, score=-7.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eff.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kwUV3elsUe3t for <trans@ietfa.amsl.com>; Tue, 6 Jun 2017 12:28:20 -0700 (PDT)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64C0F1242EA for <trans@ietf.org>; Tue, 6 Jun 2017 12:28:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2; h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject; bh=+i0uLMHX4WwSGPmZeNxwkkUBskS+q+8PaLfcIYon1To=; b=uhOcgnvNnfiBG6SKvX55/l+/1d/b+ri9iSP2FXa2PXze87WOL3zLXnjVtaNE4SYja1Y1Ju6MMoofFk+OsM/4Q66dGL2qidYw4rZhLTcRcxcIYX6KPMlMhA1/XFk0vRL+1Yw+blr/A+JLZAGkPb02tRbNWXxrQljey5JB43ff4tA=;
Received: ; Tue, 06 Jun 2017 12:28:19 -0700
To: Eran Messeri <eranm@google.com>, "trans@ietf.org" <trans@ietf.org>
References: <CALzYgEeUCmj4BgY7uKdMnsvTcbvfAunquuqHxD7FxuzZxY1=Fg@mail.gmail.com>
From: Jacob Hoffman-Andrews <jsha@eff.org>
Message-ID: <0dd84938-9625-c6c8-5f31-d5d0d0683c5c@eff.org>
Date: Tue, 06 Jun 2017 12:28:19 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <CALzYgEeUCmj4BgY7uKdMnsvTcbvfAunquuqHxD7FxuzZxY1=Fg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------FBE777B7AC7CDBBBC37E87CF"
Content-Language: en-US
Received-SPF: skipped for local relay
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/8HU7ycSzeHDAj4zmPRFcKGRH_Fc>
Subject: Re: [Trans] Write-up of the "Strict CT" variant
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 19:28:23 -0000
I'll echo what Filippo said and say that fast issuance (order of minutes) is important, and anything that breaks fast issuance for new sites (or for sites moving between providers) is a problem. In the long run, getting a certificate will be part of standing up a web site just as much as getting DNS and hosting are today. Are we willing to ask the web to accept a delay of 24 hours for any new site? I think that would be a big step backwards. On 05/23/2017 05:42 AM, Eran Messeri wrote: > Options for dealing with the delayed usability of certificates: > > * Opt-in: servers requires presence of proofs via header / X.509 > extension [6]. > This seems like the most plausible option, with the same caveats as HSTS about first visit. However, if Strict CT is only applied for a small number of sites that opt in, is it worth the extra ecosystem complexity? It seems like Strict CT on an opt-in basis would not be a meaningful substitute for gossip. > Certificate is used immediately, only with SCT: Clients accept certificates only with SCTs for a limited duration; after that an inclusion proof must be accompanied [4]. > [4] That requires auditing logs asynchronously, since an attacker with persistent access could keep getting new SCTs issued, or some clients may not have fresh STHs because they missed some updates. This seems potentially promising but I think it has some flaws. Would this auditing be done by the logs themselves, or by monitors? IIUC, logs are allowed to produce infinite SCTs for the same cert once they've logged it, and they don't have to produce the list of SCTs they've signed. So the only party that could meaningfully audit for excessive SCT generation would be the log itself, which is the party we're trying to defend against.
- [Trans] Write-up of the "Strict CT" variant Eran Messeri
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Eran Messeri
- Re: [Trans] Write-up of the "Strict CT" variant Eran Messeri
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Andrew Ayer
- Re: [Trans] Write-up of the "Strict CT" variant Andrew Ayer
- Re: [Trans] Write-up of the "Strict CT" variant Magnus Ahltorp
- Re: [Trans] Write-up of the "Strict CT" variant Tom Ritter
- Re: [Trans] Write-up of the "Strict CT" variant Filippo Valsorda
- Re: [Trans] Write-up of the "Strict CT" variant Jacob Hoffman-Andrews
- Re: [Trans] Write-up of the "Strict CT" variant Magnus Ahltorp
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Magnus Ahltorp
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Magnus Ahltorp
- Re: [Trans] Write-up of the "Strict CT" variant Ryan Sleevi
- Re: [Trans] Write-up of the "Strict CT" variant Phillip Hallam-Baker
- Re: [Trans] Write-up of the "Strict CT" variant Watson Ladd