Re: [Trans] [trans] #96 (rfc6962-bis): Metadata: Should it be dynamic?
Ben Laurie <benl@google.com> Thu, 23 July 2015 11:46 UTC
Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 358E91A016C for <trans@ietfa.amsl.com>; Thu, 23 Jul 2015 04:46:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bRjKVWh8GR4D for <trans@ietfa.amsl.com>; Thu, 23 Jul 2015 04:46:00 -0700 (PDT)
Received: from mail-yk0-x236.google.com (mail-yk0-x236.google.com [IPv6:2607:f8b0:4002:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B44D91ACCE3 for <trans@ietf.org>; Thu, 23 Jul 2015 04:44:29 -0700 (PDT)
Received: by ykfw194 with SMTP id w194so136918404ykf.0 for <trans@ietf.org>; Thu, 23 Jul 2015 04:44:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=VDdvN3dtncecD64YKsh6he5wSgsKSRnUSwCymc8lzgM=; b=V8BL1FQ8DslZDrJbZQXUgJbzrhq733tJVasb42Lso+NnmpP4EDGRa6ABiLsencXBY3 gG34svaaRtevGn2Xvqjh2XnNGt3ybdHxNaqKbgZm93YyPt1JD9xbAHCiFDyeK1Z+Dm/e 1k3vynvLWtsoiOVZ7/LPUvOtSGZoN/wilCvlH5f2dAoxDhUFerczLMwykx9kWcs4KCbf bNmEpy+oUQ21V1B758nyovM+PGafd0n08NRZCRMnDAezZgpFyMDwv4EuCsgO6QheXxVQ FOtR2pWcUIglmcC7NGzbf9k5Vfk+lw4BPs1JqIjIt7JfVBJ6h7/yJNBIBhGguHxMTZEI NvnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-type; bh=VDdvN3dtncecD64YKsh6he5wSgsKSRnUSwCymc8lzgM=; b=Oh8GZj9Ze4xZKK6o8OqXf06LdbDY8CevAZnay6dbt0UgcbfabRbPgOXaNS6qNgSQaj tMB63lUroHpTYN8AOltSaMI3oHZU9eEqflVa6cPTZdCjuu9ua4GPJvxaFiHFzFffOY6s T8FsiK6cRIodzH+l8WlNAfX845jI4ewbPMdfAS02KyRBGdINDHgfaQ0UsS/VeyHuIqFP pd1krV3ICZ4gNeluLdQtT1zHxTMFuXTB4ZJ3RUkDKhbzs2umJMyPbs8C3yvpwLTBmzt6 X3Z0+dPrI4hwZgTPxkRfHOAITp1s5VUWlNXgnWu9zXMfHm7qW3uDPflEVzDdpZ/xmdoe ipcA==
X-Gm-Message-State: ALoCoQnQHkW48TbhYkpoH8nXRgThmBMDSpirW9eLAK5yK5e9ByLAcHpwIIq4Ry4UTfS71aRmEF9k
X-Received: by 10.170.91.3 with SMTP id i3mr7670177yka.25.1437651869038; Thu, 23 Jul 2015 04:44:29 -0700 (PDT)
MIME-Version: 1.0
References: <056.5d271b279cc61b979e6443dc0948e24a@tools.ietf.org> <071.139420386221cc6aea4536fab0441820@tools.ietf.org> <55B0B674.8090904@bbn.com>
In-Reply-To: <55B0B674.8090904@bbn.com>
From: Ben Laurie <benl@google.com>
Date: Thu, 23 Jul 2015 11:44:19 +0000
Message-ID: <CABrd9SRfY_FVnTkdanGWJS_wq-+4McAOokrRfk6BFRy_YP-gDA@mail.gmail.com>
To: Stephen Kent <kent@bbn.com>, trans issue tracker <trac+trans@tools.ietf.org>, draft-ietf-trans-rfc6962-bis@tools.ietf.org
Content-Type: multipart/alternative; boundary="001a113a05e8f7891f051b8968ab"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/CAExgQN0f0jvhuCd_ZMaZqzGkaU>
Cc: trans@ietf.org
Subject: Re: [Trans] [trans] #96 (rfc6962-bis): Metadata: Should it be dynamic?
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2015 11:46:02 -0000
On Thu, 23 Jul 2015 at 10:40 Stephen Kent <kent@bbn.com> wrote: > There are two types of log metadata. Some if the data is analogous to > trust anchor > info and thus distributing it to TLS clients using the same (not > standardized) browser > vendor mechanisms makes sense. (This does, though, raise an issue about > how non-browser > client acquire this info; Monitors and Auditors are not necessarily > products of vendors > and thus there may not be the same infrastructure to distribute this > sort of data.) > > Other log metadata (e.g., MMD and STH frequency) is less like trust > anchor info and > it could be distributed by having a signed, time-stamped data structure > posted at a known > location associated with the log. A potential benefit of this model is > that a log operator > can know that if it changes these parameters, all clients are able to > acquire the new info > at the same time. If one relies on an unspecified distribution mechanism > for these parameters, > a log operator cannot know when all clients have received the new info. > That uncertainty > might cause operational problems. So, the title for this issuer is not > really whether ALL > metadata should be dynamic, but rather whether some of it should be. > MMD and STH frequency are parameters that cannot be freely varied and still allow useful operation of the system. It does not seem to me that it would ever be appropriate to allow logs to unilaterally change them - that's precisely why they're part of the metadata and not data that can be retrieved from the log. Perhaps the simplest thing to do is note that changing metadata is also implementation dependent (as well as distribution) and out of scope? Obviously if something doesn't belong in metadata at all, that's a different matter. > Steve > > #96: Metadata: Should it be dynamic? > > > > Changes (by benl@google.com): > > > > * milestone: => review > > > > > > Comment: > > > > We've already discussed this, I feel sure, and the general point is > that > > allowing logs to manipulate their own metadata is dangerous, as you > state. > > That's why the I-D says its distribution is out of scope. > > > > As you know, in practice, Chrome defines its own log metadata, and > that is > > what clients use. I imagine this will be the general pattern. > > > > I propose this is resolved as wontfix. > > > >
- [Trans] [trans] #96 (rfc6962-bis): Metadata: Shou… trans issue tracker
- Re: [Trans] [trans] #96 (rfc6962-bis): Metadata: … trans issue tracker
- Re: [Trans] [trans] #96 (rfc6962-bis): Metadata: … trans issue tracker
- Re: [Trans] [trans] #96 (rfc6962-bis): Metadata: … Stephen Kent
- Re: [Trans] [trans] #96 (rfc6962-bis): Metadata: … Ben Laurie
- Re: [Trans] [trans] #96 (rfc6962-bis): Metadata: … Stephen Kent
- Re: [Trans] [trans] #96 (rfc6962-bis): Metadata: … Ben Laurie
- Re: [Trans] [trans] #96 (rfc6962-bis): Metadata: … trans issue tracker