Re: [Trans] redacted names and my proposal
Stephen Kent <kent@bbn.com> Mon, 15 September 2014 19:02 UTC
Return-Path: <kent@bbn.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FCD81A8765 for <trans@ietfa.amsl.com>; Mon, 15 Sep 2014 12:02:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.853
X-Spam-Level:
X-Spam-Status: No, score=-5.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id snziIhKbn2fQ for <trans@ietfa.amsl.com>; Mon, 15 Sep 2014 12:02:39 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29AE21A1F70 for <trans@ietf.org>; Mon, 15 Sep 2014 11:52:29 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:52877 helo=comsec.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1XTbO0-000Lbt-6L for trans@ietf.org; Mon, 15 Sep 2014 14:52:28 -0400
Message-ID: <5417356A.30200@bbn.com>
Date: Mon, 15 Sep 2014 14:52:26 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: trans@ietf.org
References: <5411EBD2.6010703@bbn.com> <5412C4EB.7070306@comodo.com>
In-Reply-To: <5412C4EB.7070306@comodo.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/GCJR1M6oivedAjeP4_qvSghXOcQ
Subject: Re: [Trans] redacted names and my proposal
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Sep 2014 19:02:53 -0000
Rob, > Steve, my point is that the name redaction mechanism I proposed is, > necessarily, a one-phase protocol. The Precertificate must be logged > (hence phase 1), and the final certificate must not be required to be > logged (hence the lack of a phase 2). Your requirements are not in conflict with my proposal. In phase 1 the redacted name would be input. In Phase 2, the same input as in Phase 1 would be supplied, plus the serial number. My initial characterization of the proposal didn't consider name redaction, and thus described the second phase as using the issued cert. But, I tried to clarify that when you pointed out that I had failed to consider redacted certs, initially. > If the final certificate is logged, then the redacted names become > public. If the final certificate is not logged, then we need to at > least know its serial number so that it is revocable. see my reply above. > I don't think we can avoid requiring the serial number of the final > certificate to be seen by the log before the final certificate is > actually issued, because the embedded SCT(s) in the final certificate > need to prove that the log(s) have seen that serial number. My proposal does have the serial number in the log, acquired in the second pass. It's not clear that an embedded SCT needs to include the serial number, absent a more thorough description of client and Monitor behavior. I agree that there is a residual vulnerability, noted by Ben, if the serial number is not present. But, there appear to be several other vulnerabilities with the current design, based on my first cut attack analysis. Steve
- [Trans] redacted names and my proposal Stephen Kent
- Re: [Trans] redacted names and my proposal Rob Stradling
- Re: [Trans] redacted names and my proposal Stephen Kent