Re: [Trans] How to redact an entry
Phillip Hallam-Baker <ietf@hallambaker.com> Wed, 16 November 2016 14:20 UTC
Let's break this down.

In what way is suppression of a previously enrolled certificate different to not enrolling the certificate at all? The only ones I can see are that it means that 1) the CA is off the hook, they fulfilled their duties and 2) the fact that suppression has occurred is visible.

CT relies on there being some feedback mechanism to detect unenrolled certs; the same would apply to suppressed certs.

So let us imagine that a government coerces a CA to issue a bogus cert and then coerces a notary to suppress it. What next?

Well, first off, anyone who has a copy of that cert taken from the repository before the suppression is going to take a hard look at it. So the chance of people being aware of the suppression and working out the reason for it is essentially 99%.

A person formerly very senior in NSA told me that the governing paradigm post-Snowden was 'NOBUS': Nobody but us. Sure, they might want to perform this type of attack if they think they can get away with it, but they won't do things that are liable to get caught.

On Wed, Nov 16, 2016 at 6:48 AM, Ben Laurie <benl@google.com> wrote:

> On 16 November 2016 at 11:39, Paul Wouters <paul@nohats.ca> wrote:
> > On Wed, 16 Nov 2016, Ben Laurie wrote:
> >
> > (no hats on)
> >
> >> On 16 November 2016 at 03:46, Paul Wouters <paul@nohats.ca> wrote:
> >>>
> >>> How can I as log consumer detect the difference between the log removing
> >>> illegal content and the log being compelled by a government to hide a
> >>> rogue certificate?
> >>
> >> Court orders are court orders. That issue is not in the log's domain.
> >
> > It was an example. The core issue is, how can a consumer determine the
> > log censored itself with a valid reason, versus an attack, compromise,
> > having been compelled, or for financial gain or any other invalid reason?
> >
> > Using a hash of a removed cert won't allow anyone to verify the reason
> > for removal. And clearly the content cannot remain there either. It's
> > a catch22.
>
> This is why the redaction reason entry exists, so that there _is_
> something to reason about. If you (a consumer) are unconvinced by the
> reason, well, there are public fora where you can voice your concerns.
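
The point that a suppression is visible to anyone who copied the entry beforehand can be shown from the monitor's side. This is an added example, not part of the original message or of any CT specification: it assumes a hypothetical scheme in which the log serves a redacted entry as its RFC 6962 leaf hash plus a reason string, and the names `audit`, `MIRROR`, `SERVED` and the response tuples are assumptions made for illustration.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962 leaf hash: SHA-256(0x00 || entry)
    return hashlib.sha256(b"\x00" + entry).digest()

def root_from_leaf_hashes(hashes):
    # RFC 6962 Merkle Tree Hash, computed over already-hashed leaves.
    n = len(hashes)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hashes[0]
    k = 1
    while k * 2 < n:
        k *= 2  # largest power of two strictly less than n
    left = root_from_leaf_hashes(hashes[:k])
    right = root_from_leaf_hashes(hashes[k:])
    return hashlib.sha256(b"\x01" + left + right).digest()

def served_leaf_hash(item):
    # Assumed response item: ("entry", bytes) or ("redacted", leaf_hash, reason)
    return leaf_hash(item[1]) if item[0] == "entry" else item[1]

def audit(mirror, served, signed_root):
    """Check the served view against the signed root and list redactions.

    Returns (root_ok, findings); each finding is (index, reason, held_copy_matches),
    where held_copy_matches is True when the monitor's earlier copy hashes to
    the value the log left behind.
    """
    hashes = [served_leaf_hash(item) for item in served]
    root_ok = root_from_leaf_hashes(hashes) == signed_root
    findings = []
    for idx, item in enumerate(served):
        if item[0] != "redacted":
            continue
        held = mirror.get(idx)
        matches = held is not None and leaf_hash(held) == item[1]
        findings.append((idx, item[2], matches))
    return root_ok, findings

# Constructed sample data: five placeholder entries and a root taken before redaction.
ENTRIES = [b"cert-a.example", b"cert-b.example", b"cert-c.example",
           b"cert-d.example", b"cert-e.example"]
SIGNED_ROOT = root_from_leaf_hashes([leaf_hash(e) for e in ENTRIES])
MIRROR = dict(enumerate(ENTRIES))            # monitor's copy made before the redaction
SERVED = [("entry", e) for e in ENTRIES]
SERVED[2] = ("redacted", leaf_hash(ENTRIES[2]), "reason text supplied by the log")
```

A monitor without an earlier copy still sees that index 2 was redacted and the stated reason, but, as Paul Wouters notes in the quoted text, the hash alone gives it nothing to check that reason against.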