Re: [Trans] Threat model outline, attack model
Stephen Kent <kent@bbn.com> Thu, 25 September 2014 15:07 UTC
Return-Path: <kent@bbn.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C53E71A0190 for <trans@ietfa.amsl.com>; Thu, 25 Sep 2014 08:07:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.088
X-Spam-Level:
X-Spam-Status: No, score=-3.088 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X5MNBxlE_IEq for <trans@ietfa.amsl.com>; Thu, 25 Sep 2014 08:07:00 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04C2C1A00F9 for <trans@ietf.org>; Thu, 25 Sep 2014 08:06:59 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:49880 helo=comsec.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1XXAdP-000F9K-GT for trans@ietf.org; Thu, 25 Sep 2014 11:07:07 -0400
Message-ID: <54242F8A.2080602@bbn.com>
Date: Thu, 25 Sep 2014 11:06:50 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: trans@ietf.org
References: <5411E511.1040605@bbn.com> <CABrd9STmog8-JZCg9Tfv_ToUswY=9LBcZAPQM2cqUVcO0dhAnQ@mail.gmail.com> <54173589.3000404@bbn.com> <CABrd9SRShqm1r-2ajbqD5w1s686ciyjcEvywsXZaapgmi57NsA@mail.gmail.com>
In-Reply-To: <CABrd9SRShqm1r-2ajbqD5w1s686ciyjcEvywsXZaapgmi57NsA@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/UpJEny9Q10CYjYQ9X9HoRqBp1zY
Subject: Re: [Trans] Threat model outline, attack model
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Sep 2014 15:07:02 -0000
Ben, > ... >> So the scope of mis-issuance is much broader than what I had imagined. >> >> I think we may need to add two things to 6269-bis: >> >> - normative references to CABF documents that are the basis for the >> broader >> set of cert issuance criteria that you note > This seems sensible. Note, though, that I would not want to constrain > mis-issue to be solely defined by CABF. Part of the point is that > anyone can monitor any aspect of issuance they want, and if they think > something is wrong, raise it to appropriate authorities... Mis-issuance is the primary (sole?) rationale for CT, so I am not comfortable with the notion that mis-issuance is not well-defined. >> - maybe two appendices to enumerate the criteria. this will be critical >> if >> if the CABF docs contain other criteria that are outside the scope of >> CT, >> e.g., criteria that cannot be evaluated based on what is logged. > It would certainly be interesting to know though I don't think it is > essential - an example of something CT cannot reveal is who generates > the key (obviously it is bad practice for CAs to do this for their > customers - I don't know if BRs or EV ban the practice though - in any > case, CT would not tell you who did it). I'm puzzled; how would CT allow a Monitor to determine who generated the key pair used in a cert that was logged? I don't understand your example here. > As far as I know there are no standards in this area. Chrome contains > a blacklist of certificate hashes (from memory, its been a while since > I looked at this) - I don't know what other browsers do. Well, if we can't say how this is done, preferably based on some standard, then we can't make an argument that, after being being detected by CT, that there is a fix. If so, then the security considerations section will have to discuss this residual issue. Steve
- [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model Katriel Cohn-Gordon
- [Trans] Fwd: Threat model outline, attack model Melinda Shore
- Re: [Trans] Threat model outline, attack model Ben Laurie
- Re: [Trans] Threat model outline, attack model Dmitry Belyavsky
- Re: [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model Dmitry Belyavsky
- Re: [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model Dmitry Belyavsky
- Re: [Trans] Threat model outline, attack model Ben Laurie
- Re: [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model Ben Laurie
- Re: [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model Ben Laurie
- Re: [Trans] Threat model outline, attack model Tao Effect
- Re: [Trans] Threat model outline, attack model Paul Wouters
- Re: [Trans] Threat model outline, attack model Tao Effect
- Re: [Trans] Threat model outline, attack model Ben Laurie
- Re: [Trans] Threat model outline, attack model Tao Effect
- Re: [Trans] Threat model outline, attack model Matt Palmer
- Re: [Trans] Threat model outline, attack model Tao Effect
- Re: [Trans] Threat model outline, attack model Ralph Holz
- Re: [Trans] Threat model outline, attack model Ben Laurie
- Re: [Trans] Threat model outline, attack model Tao Effect
- Re: [Trans] Threat model outline, attack model Tao Effect
- Re: [Trans] Threat model outline, attack model Matt Palmer
- Re: [Trans] Threat model outline, attack model Greg
- Re: [Trans] Threat model outline, attack model Gervase Markham
- Re: [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model Ralph Holz
- Re: [Trans] Threat model outline, attack model Ben Laurie
- Re: [Trans] Threat model outline, attack model Stephen Kent
- Re: [Trans] Threat model outline, attack model David Leon Gil
- Re: [Trans] Threat model outline, attack model Tao Effect
- Re: [Trans] Threat model outline, attack model Stephen Kent