IETF Logo Mail Archive

Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior

Tom Ritter <tom@ritter.vg> Thu, 22 October 2015 02:16 UTC

Return-Path: <tom@ritter.vg>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F2561B36B6 for <trans@ietfa.amsl.com>; Wed, 21 Oct 2015 19:16:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KDe7Oo0-wMJj for <trans@ietfa.amsl.com>; Wed, 21 Oct 2015 19:16:23 -0700 (PDT)
Received: from mail-qg0-x233.google.com (mail-qg0-x233.google.com [IPv6:2607:f8b0:400d:c04::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BC381B36A2 for <trans@ietf.org>; Wed, 21 Oct 2015 19:16:23 -0700 (PDT)
Received: by qgbb65 with SMTP id b65so44863984qgb.2 for <trans@ietf.org>; Wed, 21 Oct 2015 19:16:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=ab9NEUWA8txrYx1WhqRCSXCaxaJtKzh/yO93X5orzp4=; b=2j6jPW2V9x6DY1xtuDJWTgFB37NToRUf4d4jCdVcmnYXuRZYda08TTwHJApck4ljRp g/SSEI/s1FejSAcNxRWmnymr0Amjk0tdoCfnx07o9JLEjvMYmqW7q5IM4g+7w6kcvCxH hJoss0R764N9pM3v325XwmL9kCWE5MdXgeZF8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ab9NEUWA8txrYx1WhqRCSXCaxaJtKzh/yO93X5orzp4=; b=RPS3tSIYhg55y2V0N1WrFngvwxdnygxizHkJtrDVtaznvaFLrIRipZgbGjKVHQtkm1 bfUmG63ujhbWcCSnSlljqyROTpQdM2gDd73A5nDRYVFH/QrB6mKofTr2QFm+eMy9A2IJ g+GyRodyPSKLhdpV9elgYrT5ZRvlvJYnd0sYsoNujz03KWRnGfeu7iuxu1+e7PNpn1MB Y+3bMhjDBCHlYKjfCXRwSi9JuKr5L+dKx8abxk54N1+i6zX4KU4DPSuLHys/8SCBKFst 09Su1ZyNu2+UNIXV52rT+trqLRNRFw56n0kmoFO/NG4/WTbVvQfpxbh9g04DSc4mNxTl 1YYQ==
X-Gm-Message-State: ALoCoQk//CvmKv+7P//uXpozjyCZGMhYqBwtUdl1qIbKUXe6Yq1Q5gzfOkM6u5a2evgHkSn0/2Yt
X-Received: by 10.140.42.16 with SMTP id b16mr7520644qga.78.1445480182740; Wed, 21 Oct 2015 19:16:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.94.6 with HTTP; Wed, 21 Oct 2015 19:16:03 -0700 (PDT)
In-Reply-To: <87fv142urp.fsf@nordberg.se>
References: <CA+cU71m0wpnD1ZYOTtr=oW+1BjquFxyagtMt+wgCgC_PD0PE-g@mail.gmail.com> <CABrd9SQd2RETKQWe9-_KCHufAWjBhs2k008vEz-5cyM_gbY4Qw@mail.gmail.com> <E1812BE0-BD94-4050-95DB-C0483303AFF2@isoc.org> <CABEqWMC=pJUMEn8DxxTn6VTBs9hpayC-ZVUwcGdvg=PEw-Q=Rg@mail.gmail.com> <CALzYgEfsEOyuo9Ez2JqoMJ=WzZ3mFY+eTe6L2F6ZSLJEiVJAJQ@mail.gmail.com> <CA+cU71=YMq3jJhdnv_CqmteUhRnnxYmbpjQ=hN0DhFbBoy+ERg@mail.gmail.com> <CALzYgEcnW-Gm5jjv3cGj-MTPO9TA2u8sVpuJU8ML8dPi-ynKRA@mail.gmail.com> <87fv142urp.fsf@nordberg.se>
From: Tom Ritter <tom@ritter.vg>
Date: Wed, 21 Oct 2015 21:16:03 -0500
Message-ID: <CA+cU71=s9fkKxYF47mYRnejLexsE2x924Dm+sU=fckzKKPdE4A@mail.gmail.com>
To: Linus Nordberg <linus@nordu.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/FQXxSKlFTTLPx1QiR3vPjBw9OdI>
Cc: Katriel Cohn-Gordon <me@katriel.co.uk>, Robin Wilton <wilton@isoc.org>, Eran Messeri <eranm@google.com>, "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2015 02:16:25 -0000

On 21 October 2015 at 08:52, Linus Nordberg <linus@nordu.net> wrote:
> | > - The origin doesn't implement SCT Feedback.
> | >
> |  This is a hard one - if a domain operator isn't interested in learning
> | about attacks against their domain, can anything be done about that?
> | My suggestion for this case is to make it easy to delegate SCT Feedback -
> | so domain owners can allow other domains which operate SCT Feedback to
> | receive SCTs on their behalf. How does that sound?
>
> Scary because we want the end user to trust that the same-origin
> principle is indeed followed if they're going to play along with SCT
> Feedback. Opening up for delegation sounds like bad news wrt this.

I am less concerned about this aspect of delegation. A server can
always share data out of band width a third party.  And they can even
delegate it to a third party without us knowing.  So enabling a
mechanism that makes it _easy_ to delegate it does not worry me as
much as it does you =)

> Impractical since the browser would have to know which domain that
> example.com has delegated its SCT Feedback to.

This is an engineering problem I don't see a neat solution to. So
obviously the solution is a new HTTP header! SCT-Feedback:
https://uncle-neds-discount-hanggliding-and-sct-feedback-correlator.website/google.com/
;)

> Susceptible of blocking since it cannot be performed in the same TLS
> stream as the ordinary https request.

But this one does worry me very much.  We mention it down in
https://tools.ietf.org/html/draft-ietf-trans-gossip-01#section-10.2.1
and I'm hopeful we will get implementations that multiplex gossip
traffic as much as they can so it is much more difficult to block.


> | > - The data I have is an older STH, which is not tied to any specific
> | > origin.
> | >
> | I think this case is less sensitive from a privacy perspective and so could
> | be gossiped with any servers that do implement SCT Feedback?
>
> We have STH Pollination for STH's but only if the STH is fresh, defined
> in the draft as no older than 14 days. I think Tom means that "older"
> implies "not fresh".

Yes.  The risk here is admittedly less than that of a SCT, but I do
still worry about it.
Would it solve the problem if we had an additional one-week grace
period?  Where we say "You resolve older STHs into a fresh STH - but
if you encounter an error trying to resolve a STH that is between 2
and 3 weeks old, you pollinate it anyway?"

What are the implications of that... So a log could refuse to resolve
a consistency proof, and the client would pollinate it. A website
(colluding with the log) could identify that client individually
(because no one else would be pollinating that STH.)  Separately, if
website A receives old-STH, and website B receives it as well, they
can do some pretty reliable cross-origin linkage.  But they can't
actually induce a client to pollinate old-STH without either the log's
help (by refusing to resolve a consistency proof) or without blocking
the consistency proof resolution.

Are there more? That seems like it could be acceptable to me from a
privacy POV... And it seems like it would solve the problem... I can't
think of a way you receive (no-maliciously) an older-then-three-week
STH.

-tom

v2.23.0 | Report a Bug | By Email