Re: [Trans] Log checking should be asynchronous (Re: Volunteer opportunity! (was Re: DNSSEC also needs CT))
Ben Laurie <benl@google.com> Mon, 07 July 2014 16:19 UTC
Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 597AB1A0371 for <trans@ietfa.amsl.com>; Mon, 7 Jul 2014 09:19:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.03
X-Spam-Level:
X-Spam-Status: No, score=-2.03 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7n_-jdYdIBV6 for <trans@ietfa.amsl.com>; Mon, 7 Jul 2014 09:19:49 -0700 (PDT)
Received: from mail-qc0-x22e.google.com (mail-qc0-x22e.google.com [IPv6:2607:f8b0:400d:c01::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63DAE1A037A for <trans@ietf.org>; Mon, 7 Jul 2014 09:19:49 -0700 (PDT)
Received: by mail-qc0-f174.google.com with SMTP id x13so3915595qcv.5 for <trans@ietf.org>; Mon, 07 Jul 2014 09:19:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=v32/xwz3owkJbFbKNRoRWTg+Nsrny7Tu+QdrwYU1JMg=; b=bMYl0bj4do3lAZxXaKyosq6HHGxmsNimhpI+e1zq8KncUX51vILV+1Bs//tOTVyk2l IBKzhGyNsMypYvcZyQURnXzsYWwlaZTaH0warFkFq1OZ2cTHIp3pECTv6PXfGxLFEvqJ KdmBrLsK44CDW9vAFpQVLbIWCgU8EcWx+Rd34g56zqrQwLbWmzx92SSxKdNfbv1oc8oE i5jLb8m8Wqj+Mf386hvcAnZQEsXbMqf8e0fw29mDClL3yd9mHApssS75vAUo5+cI5WzU Nkq7GucLVUYicv1S+AtAl1BR4IHp0nrJdPZK4A2m3KJFsKJnPE9Zg6sczm7zFqwvURIt AFtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=v32/xwz3owkJbFbKNRoRWTg+Nsrny7Tu+QdrwYU1JMg=; b=Up+pFYlJ1VpFwfZEArG1nw+Rf5L8N9v3roHe5KVJGffT521tHGX+2ZlrsFl/mg7Got I99H7PebITWBNgQyx2CqtscVW5AcaJqMpPXL7SFY5qLDWEYdkS/blpR7yZmhCqsTYEv+ DwXddstXmSq5zFdZLbUxvfWciD5Uvi/ryCFsUk2/Be4Z+iQj4kSlP8dMsEZyQw84wy8G gHL2QCbStUKVBp1Jn3G+BQgm8StNyRvFKzVzrlwIYUtUe++SFg9Wf+6FVl/TZRpl6h6w 5QgDMUTpNb+teUp+lvLrBMqTwbQaEHOBpdVywMo2eOdSHoK/57AV/+zCsWSlDbount4X lA5Q==
X-Gm-Message-State: ALoCoQkRVyyYAnDqjsm7UV9FfeBjJmm3gP9HHcEK7Y4Fd5aIJ78v/aigsHqjbohaWbm3JthRcmu1
MIME-Version: 1.0
X-Received: by 10.224.61.1 with SMTP id r1mr49167147qah.95.1404749988568; Mon, 07 Jul 2014 09:19:48 -0700 (PDT)
Received: by 10.229.100.72 with HTTP; Mon, 7 Jul 2014 09:19:48 -0700 (PDT)
In-Reply-To: <CAK3OfOgPuOnRBC+_-Hwfgk+yTMtHWQyTwQZVCy5fnVhm6nLyEQ@mail.gmail.com>
References: <CAK3OfOgPuOnRBC+_-Hwfgk+yTMtHWQyTwQZVCy5fnVhm6nLyEQ@mail.gmail.com>
Date: Mon, 07 Jul 2014 17:19:48 +0100
Message-ID: <CABrd9SRKZ83aUySQqa2q+UFPPtd7=NiFqdHJvM_BFUYYuJnc9Q@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/Qxv2jx8TToK9zSp7EfGRi0zlVOU
Cc: Melinda Shore <melinda.shore@gmail.com>, "trans@ietf.org" <trans@ietf.org>, Dmitry Belyavsky <beldmit@gmail.com>
Subject: Re: [Trans] Log checking should be asynchronous (Re: Volunteer opportunity! (was Re: DNSSEC also needs CT))
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jul 2014 16:19:58 -0000
On 2 June 2014 17:57, Nico Williams <nico@cryptonector.com> wrote: > On Tue, May 13, 2014 at 3:41 AM, Dmitry Belyavsky <beldmit@gmail.com> wrote: >> Here are my ideas about "strict" behaviour of the TLS client: >> >> [...] > > IMO log checking should be mostly asynchronous. This means that CT > couldn't detect MITMing CAs in real-time, but that's OK because CT is > about CA reputation, and all we care about is that when we detect > lying CAs we can report them. > > This means that clients mostly should only reject TLS connections when > there's no evidence of server certs being logged in an acceptable log. > > It also means we need some mechanism for reporting lying CAs. Thus > far reporting via blogs, news outlets, and trust anchor set managers, > has been good enough, and I'm not sure that we need anything more than > any async notification to users (and upstreams) by browsers (and other > clients). > > There are privacy protection considerations in reporting lying CAs: > report the name about which they lied, just the log entry(ies) that > are missing, or just an assertion that they lied? > > Again, as I see it CT is purely a reputation-based system. Reputation > is established (and blemished/destroyed) asynchronously. Just to be clear here - logs do not provide reputation. They provide a mechanism by which others can establish reputation. I hope we agree on this important point! > > This is important: we cannot be adding too much latency to TLS. By > doing log checking asynchronously we won't be. Right.
- [Trans] Log checking should be asynchronous (Re: … Nico Williams
- Re: [Trans] Log checking should be asynchronous (… Ben Laurie