Re: [Trans] [saag] draft-iab-crypto-alg-agility-00

Ben Laurie <ben@links.org> Mon, 07 April 2014 14:37 UTC

On 7 April 2014 15:00, Salz, Rich <rsalz@akamai.com> wrote:
> (Adding trans@ietf.org)
>
> Me:
>> CT should not be a special case exemption from the agility spec.
>
> Ben:
>> I think it should, and here's why: normally you want agility so endpoints can change their crypto in an orderly way, so as to phase out weak algorithms. In CT the endpoint is the enemy: you don't want it to be able to choose algorithms that suit it.
>
> What is the endpoint?  The log server?  I don't understand the point.

Yes, the log server.

> And as I said, why can't you get the same effect with proper use of ALL CAPS words in the RFC?

What effect? You mean define an algorithm that the log server MUST use?