IETF Logo Mail Archive

Re: [Trans] Angle brackets in the PRIVATE option (Ticket #1)

Rob Stradling <rob.stradling@comodo.com> Tue, 01 April 2014 20:41 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA3FA1A09CA for <trans@ietfa.amsl.com>; Tue, 1 Apr 2014 13:41:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.29
X-Spam-Level:
X-Spam-Status: No, score=-1.29 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_NET=0.611, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YStSIs1eO0lK for <trans@ietfa.amsl.com>; Tue, 1 Apr 2014 13:41:15 -0700 (PDT)
Received: from ian.brad.office.comodo.net (eth5.brad-fw.brad.office.ccanet.co.uk [178.255.87.226]) by ietfa.amsl.com (Postfix) with ESMTP id 05DD61A08C1 for <trans@ietf.org>; Tue, 1 Apr 2014 13:41:14 -0700 (PDT)
Received: (qmail 3717 invoked by uid 1000); 1 Apr 2014 20:41:10 -0000
Received: from nigel.brad.office.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Tue, 01 Apr 2014 21:41:10 +0100
Message-ID: <533B2466.1090309@comodo.com>
Date: Tue, 01 Apr 2014 21:41:10 +0100
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Gervase Markham <gerv@mozilla.org>, Peter Bowen <pzbowen@gmail.com>, Rick Andrews <Rick_Andrews@symantec.com>
References: <544B0DD62A64C1448B2DA253C011414607C85F3902@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CAK6vND-NToUO3FgC-Tp-nykj-LYpDQE0AewJeF5oUHow6XSLSQ@mail.gmail.com> <53393F1F.6080005@comodo.com> <533AC501.30206@mozilla.org> <533B20F8.10803@comodo.com> <533B217E.90103@mozilla.org>
In-Reply-To: <533B217E.90103@mozilla.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/BWGBtJnpPWeLqwaODpeIgM4PLe4
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Angle brackets in the PRIVATE option (Ticket #1)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Apr 2014 20:41:17 -0000

On 01/04/14 21:28, Gervase Markham wrote:
> On 01/04/14 21:26, Rob Stradling wrote:
>> Hi Gerv.  I don't think this is desirable.
>>
>> Only the domain owner needs to know what the unmasked subdomains are,
>> and they can do this by simply looking at the corresponding Certificate.
>
> Does it not help with your combinatorial explosion, because it's then
> much easier to match up a potential cert with its logged precert?
>
> Or am I mistaken?

A TLS client will see only the Certificate, and from that it needs to 
reconstruct the Precertificate.

Yes, the Precertificate is publicly logged, but this doesn't help a TLS 
client that is not allowed to perform blocking side-channel lookups 
during TLS handshakes.

So no, I'm afraid it wouldn't help with the combinatorial explosion. 
(So I'll stick with my original idea for solving that).

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

v2.23.0 | Report a Bug | By Email