Re: [Trans] Gossiping in CT

Linus Nordberg <linus@nordu.net> Mon, 29 September 2014 12:19 UTC

Return-Path: <linus@nordu.net>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E291E1A8744 for <trans@ietfa.amsl.com>; Mon, 29 Sep 2014 05:19:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.028
X-Spam-Level: *
X-Spam-Status: No, score=1.028 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vB9rA8Y6dwvb for <trans@ietfa.amsl.com>; Mon, 29 Sep 2014 05:19:08 -0700 (PDT)
Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB2321A1B9C for <trans@ietf.org>; Mon, 29 Sep 2014 05:19:07 -0700 (PDT)
Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id s8TCJ57l001668 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 29 Sep 2014 14:19:05 +0200
Received: from kerio.nordu.net (kerio.nordu.net [109.105.110.42]) by smtp1.nordu.net (8.14.7/8.14.7) with ESMTP id s8TCJ0g8014132 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 29 Sep 2014 12:19:03 GMT
VBR-Info: md=nordu.net; mc=all; mv=swamid.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nordu.net; s=default; t=1411993144; bh=iIiXo9LUjnH/1HRsk2xcfVO0aTbRRHY1kmyoe5ro4qI=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=RfUtCaeI1owsetfRuhQzVgdDIVXz0kOKUZLhmobPKWsRRz98mj0s8dkTWZdD5zi/7 m3Fa1SdnVuxS9AfZKqje/TTCTcecf2DVyDgH2Xxi3XXtc2COC6rwS6YYyPsnM0nIFl CljOnho1IxgJS7v+Lbu1QU2pqwuIKrGQhWegxxbA=
X-Footer: bm9yZHUubmV0
Received: from flogsta.nordberg.se ([193.10.5.129]) (authenticated user linus@nordu.net) by kerio.nordu.net (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)); Mon, 29 Sep 2014 14:19:01 +0200
From: Linus Nordberg <linus@nordu.net>
To: Tao Effect <contact@taoeffect.com>
Organization: NORDUnet A/S
References: <878ul5tcby.fsf@nordberg.se> <BC424D29-F537-4F98-93C8-A6D35E98B9DA@taoeffect.com> <E441364F-D860-4E7A-823B-6227DBB180B7@kth.se> <9DB4CB42-68A3-4BFE-B6BF-9C24DD925EDD@taoeffect.com> <73CC8BB5-7371-4E3F-967C-4307F778FFE7@kth.se> <F621E37E-B2F9-4B0B-8A04-C442698E8A6B@taoeffect.com>
Date: Mon, 29 Sep 2014 14:20:06 +0200
In-Reply-To: <F621E37E-B2F9-4B0B-8A04-C442698E8A6B@taoeffect.com> (Tao Effect's message of "Sat, 27 Sep 2014 14:47:24 -0700")
Message-ID: <87vbo6pqix.fsf@nordberg.se>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Scanned-By: CanIt (www . roaringpenguin . com)
X-Scanned-By: MIMEDefang 2.74 on 109.105.111.32
X-p0f-Info: os=unknown unknown, link=Ethernet or modem
X-CanIt-Geo: ip=109.105.110.42; country=SE; latitude=62.0000; longitude=15.0000; http://maps.google.com/maps?q=62.0000,15.0000&z=6
X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default)
X-Canit-Stats-ID: 0aMV0j5x5 - 66e4c768d71d - 20140929
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/U1PKlHvu32WKk8kE-orz4LOyoXE
Cc: "trans@ietf.org" <trans@ietf.org>, Love =?utf-8?Q?H=C3=B6rnquist_=C3=85strand?= <lha@kth.se>
Subject: Re: [Trans] Gossiping in CT
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Sep 2014 12:19:10 -0000

Tao Effect <contact@taoeffect.com> wrote
Sat, 27 Sep 2014 14:47:24 -0700:

| On Sep 27, 2014, at 2:03 PM, Love Hörnquist Åstrand <lha@kth.se> wrote:
| 
| > So how do you keep the log honest and stop it from not adding the
| > SCT to the log ?
| > 
| > Well, by using gossip about the logs.
| 
| Sorry, don't quite understand what you're saying here...
| 
| Both SCTs (legitimate and otherwise) will happily be accepted by any
| log. Gossip won't help clients detect fraudulent certs issued by rogue
| CAs (as explained in the "Threat model" thread).

This is hard to follow. SCT's are not added to nor accepted by
logs. They are the response to a log submission. An SCT is a promise
from a log that a given certificate will be included in said log within
some time.

Detecting of fraudulent certs is done by the particular type of CT
client called a monitor.

Successful gossiping will help detecting logs presenting different views
to different clients, among them monitors. This includes malicious log
operators as well as attackers able to mount man-in-the-middle (or
man-on-the-side) attacks who are also able to sign as the log (for
example by having a copy of the logs private key).