Re: [Trans] Threat model outline, attack model

Stephen Kent <kent@bbn.com> Thu, 25 September 2014 15:07 UTC

Return-Path: <kent@bbn.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C53E71A0190 for <trans@ietfa.amsl.com>; Thu, 25 Sep 2014 08:07:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.088
X-Spam-Level:
X-Spam-Status: No, score=-3.088 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X5MNBxlE_IEq for <trans@ietfa.amsl.com>; Thu, 25 Sep 2014 08:07:00 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04C2C1A00F9 for <trans@ietf.org>; Thu, 25 Sep 2014 08:06:59 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:49880 helo=comsec.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1XXAdP-000F9K-GT for trans@ietf.org; Thu, 25 Sep 2014 11:07:07 -0400
Message-ID: <54242F8A.2080602@bbn.com>
Date: Thu, 25 Sep 2014 11:06:50 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: trans@ietf.org
References: <5411E511.1040605@bbn.com> <CABrd9STmog8-JZCg9Tfv_ToUswY=9LBcZAPQM2cqUVcO0dhAnQ@mail.gmail.com> <54173589.3000404@bbn.com> <CABrd9SRShqm1r-2ajbqD5w1s686ciyjcEvywsXZaapgmi57NsA@mail.gmail.com>
In-Reply-To: <CABrd9SRShqm1r-2ajbqD5w1s686ciyjcEvywsXZaapgmi57NsA@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/UpJEny9Q10CYjYQ9X9HoRqBp1zY
Subject: Re: [Trans] Threat model outline, attack model
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Sep 2014 15:07:02 -0000

Ben,

> ...
>> So the scope of mis-issuance is much broader than what I had imagined.
>>
>> I think we may need to add two things to 6269-bis:
>>
>>      - normative references to CABF documents that are the basis for the
>> broader
>>        set of cert issuance criteria that you note
> This seems sensible. Note, though, that I would not want to constrain
> mis-issue to be solely defined by CABF. Part of the point is that
> anyone can monitor any aspect of issuance they want, and if they think
> something is wrong, raise it to appropriate authorities...
Mis-issuance is the primary (sole?) rationale for CT, so I am not 
comfortable
with the notion that mis-issuance is not well-defined.

>>      - maybe two appendices to enumerate the criteria. this will be critical
>> if
>>        if the CABF docs contain other criteria that are outside the scope of
>> CT,
>>        e.g., criteria that cannot be evaluated based on what is logged.
> It would certainly be interesting to know though I don't think it is
> essential - an example of something CT cannot reveal is who generates
> the key (obviously it is bad practice for CAs to do this for their
> customers - I don't know if BRs or EV ban the practice though - in any
> case, CT would not tell you who did it).
I'm puzzled; how would CT allow a Monitor to determine who generated the
key pair used in a cert that was logged? I don't understand your example 
here.
> As far as I know there are no standards in this area. Chrome contains
> a blacklist of certificate hashes (from memory, its been a while since
> I looked at this) - I don't know what other browsers do.
Well, if we can't say how this is done, preferably based on some standard,
then we can't make an argument that, after being being detected by CT, that
there is a fix. If so, then the security considerations section will have to
discuss this residual issue.

Steve