Re: [Trans] Design of gossip
Linus Nordberg <linus@nordu.net> Mon, 29 September 2014 13:36 UTC
Return-Path: <linus@nordu.net>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E7FE1A1A6E for <trans@ietfa.amsl.com>; Mon, 29 Sep 2014 06:36:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.829
X-Spam-Level: *
X-Spam-Status: No, score=1.829 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rvBKARvpSe3j for <trans@ietfa.amsl.com>; Mon, 29 Sep 2014 06:36:51 -0700 (PDT)
Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCA131A1AFF for <trans@ietf.org>; Mon, 29 Sep 2014 06:36:45 -0700 (PDT)
Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id s8TDagku011374 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 29 Sep 2014 15:36:42 +0200
Received: from kerio.nordu.net (kerio.nordu.net [109.105.110.42]) by smtp1.nordu.net (8.14.7/8.14.7) with ESMTP id s8TDaccc029272 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 29 Sep 2014 13:36:41 GMT
VBR-Info: md=nordu.net; mc=all; mv=swamid.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nordu.net; s=default; t=1411997802; bh=J/RzBjCfaGloUjbW6wyUTRovV5KGgUB3G+3fjnOG+jU=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=BK3VwL3YUK2SS1K/sEMwMRJPlpUW7kkdURDS4wj5OLwh4ocRG9HPZDwCUZ4CcHWPo joCUeK+B8KfE3hbRmMO7+m5PZpMCXgQGjG8ZjW1vYfuWoxpUAzwtLkEyx7RnXUUHZj cczKCuOIYp36SAV7fbpJ/mXeBHuTaXiaAjFJR2MQ=
X-Footer: bm9yZHUubmV0
Received: from flogsta.nordberg.se ([193.10.5.129]) (authenticated user linus@nordu.net) by kerio.nordu.net (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)); Mon, 29 Sep 2014 15:36:40 +0200
From: Linus Nordberg <linus@nordu.net>
To: Watson Ladd <watsonbladd@gmail.com>
Organization: NORDUnet A/S
References: <CACsn0c=NDRnVUE0APeoYq2AL4hsX6nOQXnzGaJcP2vrNYJBduw@mail.gmail.com>
Date: Mon, 29 Sep 2014 15:37:44 +0200
In-Reply-To: <CACsn0c=NDRnVUE0APeoYq2AL4hsX6nOQXnzGaJcP2vrNYJBduw@mail.gmail.com> (Watson Ladd's message of "Sat, 27 Sep 2014 10:42:30 -0700")
Message-ID: <8738bapmxj.fsf@nordberg.se>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: CanIt (www . roaringpenguin . com)
X-Scanned-By: MIMEDefang 2.74 on 109.105.111.32
X-p0f-Info: os=unknown unknown, link=Ethernet or modem
X-CanIt-Geo: ip=109.105.110.42; country=SE; latitude=62.0000; longitude=15.0000; http://maps.google.com/maps?q=62.0000,15.0000&z=6
X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default)
X-Canit-Stats-ID: 0aMV1AGxI - debe60d5e118 - 20140929
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/AWlN0X3g5-0yme_kJI-g9xo9wcI
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Design of gossip
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Sep 2014 13:36:53 -0000
Watson Ladd <watsonbladd@gmail.com> wrote Sat, 27 Sep 2014 10:42:30 -0700: | The first choice is what to gossip: tree heads and proofs or certs. What's the reason for including proofs in the gossiping? Is it an optimisation of network resources? My initial thought has been that gossiping about anything that's not signed by logs opens up for attacks against log reputation. | Both have privacy implications: while certs more directly reveal which | sites are visited, it's possible that tree heads will be unique per | cert due to the impact of adding to a tree one cert at a time, so each | precert will end up showing a different head. This is a tricky issue. I think that this would have to be handled by stipulating that logs cannot issue "crazy numbers" of STH's. Numbers get crazy and dangerous when they come near some number related to the number of unique requests for STH's. Unique per client, that is. (Imagine a log producing a new tree head for each STH request and "watermarking" clients by recording which unique STH was delivered to them, so that when someone come asking for an inclusion proof for that STH, the log could link a site to a client.) If there's going to be any point in this maximum number of STH's issued per something, it has to be auditable. In the CT case, I can think of STH's per time unit and STH's per logged certificate. A new log parameter _minimum_ merge delay could be defined for the per time solution. The time would have to be chosen based on expected number of STH requests per time unit. For the "per new entry" idea, we would also have to add a new maximum new entries per time unit. Not sure that this is such a great thing for CT. Might be useful for other types of logs. | The second choice is what gossip produces. In particular do we push | consistency proofs towards clients, or pull the heads towards | monitors? Either approach can work, but the first approach could save | bandwidth: a consistent head does not need to be reported. The first | also enables remembering what has been recorded. The second approach | is simpler for gossipers. I think consistent heads need to be reported too since that's the only way to learn about you being the only one seeing a particular, from your point of view well behaving, log. I'm reading "consistent head" to mean an STH that checks out correctly against an older trusted STH and a consistency proof from that point. | The third choice is how to gossip. Probably the best approach is some | sort of peer-to-peer network, with the possibility of using other | servers if the P2P approach doesn't work. However, gossip needs to be | censorship resistant, which can be a bit tricky. We also want gossip | to deal with a small fraction of malicious nodes, which means some | approaches are tricky: in particular nodes can't stop if some nodes | say "we've heard it before". | | We also need to make sure we don't lose submitted heads, even as old | heads grow in number. Using consistency proofs to reduce the number of | heads helps with this problem. | | DHTs may be a workable approach, but I don't know of Byzantine proof | ones. Flood-fill on random graphs scales if you make it publish only, | but dealing with old data gets tricky: we want new nodes to learn it, | without having to send it unnecessarily. Showing the result of an | audit and backfilling can work, but we need to think about the details | and try some experiments. This is a pretty large subject. My initial thoughts are that i) boy are there ways we could mess this up and ii) we don't want clients to have to try to talk to other clients directly. Taken together that leads me to a somewhat defensive model where clients use an already established, untrusted, peer as a vehicle for conveying their gossip messages. That doesn't mean one couldn't build a useful protocol on top of that though.
- [Trans] Design of gossip Watson Ladd
- Re: [Trans] Design of gossip Linus Nordberg
- Re: [Trans] Design of gossip Ben Laurie
- Re: [Trans] Design of gossip Ben Laurie