Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior

Ben Laurie <benl@google.com> Tue, 20 October 2015 18:50 UTC

References: <CA+cU71m0wpnD1ZYOTtr=oW+1BjquFxyagtMt+wgCgC_PD0PE-g@mail.gmail.com> <CABrd9SQd2RETKQWe9-_KCHufAWjBhs2k008vEz-5cyM_gbY4Qw@mail.gmail.com> <E1812BE0-BD94-4050-95DB-C0483303AFF2@isoc.org> <CABEqWMC=pJUMEn8DxxTn6VTBs9hpayC-ZVUwcGdvg=PEw-Q=Rg@mail.gmail.com> <CALzYgEfsEOyuo9Ez2JqoMJ=WzZ3mFY+eTe6L2F6ZSLJEiVJAJQ@mail.gmail.com> <CA+cU71=YMq3jJhdnv_CqmteUhRnnxYmbpjQ=hN0DhFbBoy+ERg@mail.gmail.com>
In-Reply-To: <CA+cU71=YMq3jJhdnv_CqmteUhRnnxYmbpjQ=hN0DhFbBoy+ERg@mail.gmail.com>
From: Ben Laurie <benl@google.com>
Date: Tue, 20 Oct 2015 18:49:53 +0000
Message-ID: <CABrd9SSVd7BOFYQWaxEPBmOO5bkrfovpzg8w9S1t3MyL118jQg@mail.gmail.com>
To: Tom Ritter <tom@ritter.vg>, Eran Messeri <eranm@google.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/K6d39OABM8Z-l1ihxeYNRozK0e8>
Cc: Katriel Cohn-Gordon <me@katriel.co.uk>, Robin Wilton <wilton@isoc.org>, "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>

On Tue, 20 Oct 2015 at 16:28 Tom Ritter <tom@ritter.vg> wrote:

> On 20 October 2015 at 08:46, Eran Messeri <eranm@google.com> wrote:
> > +1 for reporting it back to the alleged origin - the problem Tom describes
> > is significant as the client would want to hold onto these suspicious pieces
> > of information until it is confident it has been reported, but has no way of
> > knowing if the report has been acknowledged by the 'genuine' origin.
> >
> > One option is to not prescribe when clients drop such pieces of information,
> > so clients are free to re-send it multiple times or even forever, until an
> > out-of-band signal (i.e. a client software update) is received to indicate
> > to the client that this information has been received and acted upon.
>
> So reporting it back to the origin is an appropriate solution for a
> subset of situations.  If I have an SCT+certificate I want to resolve
> to a STH, but can't, I can report it up to the origin via SCT
> Feedback.  We also (or will) have guidelines for submitting it
> multiple times, and ensuring that it's reported on a connection that
> 'looks okay' (we have some notes in 7.1.1)
>
> There are (at least) two cases that aren't covered by "report it to
> the origin". (Maybe more, but I can only think of two right now.)
>
> - The origin doesn't implement SCT Feedback.
>

If it turns out that feedback is essential and the origin doesn't implement
feedback, in the medium term we can assume it doesn't care about CT.

> - The data I have is an older STH, which is not tied to any specific origin.
>

Then why do you care? Can't you freely gossip the STH?

>
> -tom
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>
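The exchange above turns on what it means for a client to "resolve" an SCT+certificate to an STH, and what it should do with evidence it cannot resolve. The following added example (the editor's illustration, not code from this thread, from the gossip draft, or from any of the participants) builds a small RFC 6962 Merkle tree, verifies an inclusion proof the way a client checks a log entry against an STH, and then applies a hypothetical triage policy covering the cases named in the thread: resolved, report via SCT Feedback, hold and retry when the origin does not implement feedback, and gossip an STH that is not tied to any origin. All log entries, hostnames and the `feedback_capable` set are constructed; the `triage` policy and the `Evidence`/`STH` types are assumptions of this example, not anything the draft prescribes.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Set

# --- RFC 6962 Merkle tree primitives (0x00 leaf / 0x01 node domain separation) ---

def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split_point(n: int) -> int:
    """Largest power of two strictly less than n (the k of RFC 6962 2.1)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_head(leaves: List[bytes]) -> bytes:
    """Merkle tree hash (root) over the given entries."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(leaves[0])
    k = _split_point(n)
    return node_hash(tree_head(leaves[:k]), tree_head(leaves[k:]))

def inclusion_path(m: int, leaves: List[bytes]) -> List[bytes]:
    """Audit path for entry m, as a log would return it (RFC 6962 2.1.1)."""
    n = len(leaves)
    if n == 1:
        return []
    k = _split_point(n)
    if m < k:
        return inclusion_path(m, leaves[:k]) + [tree_head(leaves[k:])]
    return inclusion_path(m - k, leaves[k:]) + [tree_head(leaves[:k])]

def verify_inclusion(leaf: bytes, leaf_index: int, tree_size: int,
                     path: List[bytes], root_hash: bytes) -> bool:
    """Client-side check that `leaf` is entry `leaf_index` of the tree whose
    head is `root_hash` (the iterative algorithm of RFC 9162 2.1.3.2)."""
    if leaf_index >= tree_size:
        return False
    fn, sn = leaf_index, tree_size - 1
    r = leaf_hash(leaf)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            if not fn & 1:
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root_hash

# --- Hypothetical client-side triage of evidence it could not immediately resolve ---

@dataclass
class STH:
    tree_size: int
    root_hash: bytes

@dataclass
class Evidence:
    kind: str                       # "sct_cert" or "sth"
    origin: Optional[str] = None    # host the SCT+cert was served from
    leaf: bytes = b""               # log entry, simplified to raw bytes
    leaf_index: int = 0
    path: Optional[List[bytes]] = None
    sth: Optional[STH] = None

def triage(ev: Evidence, known_sths: List[STH], feedback_capable: Set[str]) -> str:
    """Action for one held item. Policy is this example's own (hypothetical)."""
    if ev.kind == "sth":
        return "gossip_sth"                # not tied to an origin: gossip it freely
    for sth in known_sths:                 # try to resolve the SCT+cert to a known STH
        if verify_inclusion(ev.leaf, ev.leaf_index, sth.tree_size, ev.path or [], sth.root_hash):
            return "resolved"
    if ev.origin in feedback_capable:
        return "report_via_sct_feedback"   # keep the item until reporting is confirmed
    return "hold_and_retry"                # origin lacks SCT Feedback: nowhere to report yet

def demo() -> dict:
    """Constructed five-entry log and four pieces of held evidence."""
    leaves = [b"entry-%d" % i for i in range(5)]
    known = [STH(tree_size=5, root_hash=tree_head(leaves))]
    items = {
        "good": Evidence("sct_cert", "example.com", leaves[4], 4, inclusion_path(4, leaves)),
        "bogus": Evidence("sct_cert", "example.com", b"not-in-log", 4, inclusion_path(4, leaves)),
        "orphan": Evidence("sct_cert", "no-feedback.example", b"not-in-log", 1, inclusion_path(1, leaves)),
        "old_sth": Evidence("sth", sth=STH(tree_size=3, root_hash=tree_head(leaves[:3]))),
    }
    return {name: triage(ev, known, {"example.com"}) for name, ev in items.items()}

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

The "bogus" and "orphan" items carry proofs that are well-formed for their index but do not match the leaf, so they fail verification; which of them can be reported then depends only on whether the origin appears in `feedback_capable`, which is the gap Tom's first case describes.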