Re: [Trans] AD Review: draft-ietf-trans-gossip-04
Richard Barnes <rlb@ipv.sx> Mon, 06 November 2017 03:52 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F1D113FAE7 for <trans@ietfa.amsl.com>; Sun, 5 Nov 2017 19:52:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iJnsHHObCVER for <trans@ietfa.amsl.com>; Sun, 5 Nov 2017 19:52:48 -0800 (PST)
Received: from mail-wr0-x22b.google.com (mail-wr0-x22b.google.com [IPv6:2a00:1450:400c:c0c::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 684E913FAE2 for <trans@ietf.org>; Sun, 5 Nov 2017 19:52:48 -0800 (PST)
Received: by mail-wr0-x22b.google.com with SMTP id y9so7304632wrb.2 for <trans@ietf.org>; Sun, 05 Nov 2017 19:52:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=o4jBtmX14MAZf35y/Wjy+3ZT5QNHbwfLCvfE1pqbfWg=; b=MR3alwzMFppE4F7hPES80Ypb9ogkigB4vlLVxrnROAqVAYpNMmkNtOR04+K9I7F24x iizDbMRCssNt9C3+5ZJyn20T2X77d0Xus/4Gi66eVvs5OJz1RRMTc3NgMsHXKA/NBGqF j/VWKzPEQyl6hB8XlzR7T0yfMbDMwEt57wzIzeZ1IbiehvfWgrlWHnFIa/z5bZQ8mxxl u7G+M8xh49aSCBIzGDiqJm8UjFcdQsglc+2hB8YyXpLEMxed6LtuHBd9BSrLF7h1zLOG 4Basf7A+laLry89LuLxnrKkzlNA4dkdooi5xfV3YEOX/PdWhMcBIWNfit7ONrI3Yoq5A uRqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=o4jBtmX14MAZf35y/Wjy+3ZT5QNHbwfLCvfE1pqbfWg=; b=JCCPW7ezLew4gUa94vOLHcLQSsdolc6QyIVjIc9vIWeU6YV5YEc0+FNChGQijlDxo2 p/RO2TApuj5AOWlifp05BlWdVJE8GHhNlQM+NzRrT7scPAl5uQpUQ3R95zTwDuiNk27g jk3EkToYtrZ92Vgi420WZJ6OdCJ24mDOGQC9IuQl65zS+BplgVrpp/U1VVUIn22RY3N+ nPR9pHdY4T9lh0ErtIphLoGbih525ONKIX50oNMOHutsZaGTLAtrCHnK7WHZ1DRaVSry J2olBWotcNYqgTcardpQFkaukH8tJTpYUO6dNCmZpHJSt2Z+pB23awfk3Ca9LYfRqO5/ A74A==
X-Gm-Message-State: AMCzsaU6KKrqLYaqJINS34LckXMnq99fu3fqXxoDeToXJcvzDiIQwwHv nAJtLu1qe3r63u605ncBD3Zj2GwLbBcWZo/GE+Y5PA==
X-Google-Smtp-Source: ABhQp+TzIxCW7PJBWrJXe5BuJnlbjZWvnTKEpUOZ5W2Xo5Oaj5ucCOqXj2sZ9TMn37U8/E9gkHWB2V5szusD/k8H9ZU=
X-Received: by 10.223.196.156 with SMTP id m28mr12334939wrf.67.1509940366782; Sun, 05 Nov 2017 19:52:46 -0800 (PST)
MIME-Version: 1.0
Received: by 10.28.174.81 with HTTP; Sun, 5 Nov 2017 19:52:46 -0800 (PST)
In-Reply-To: <CA+cU71monniqd1H9=gss2ZTJtBNVdBOXXx6=SDqBuFqHGKEEhA@mail.gmail.com>
References: <CABcZeBM6=26ojcoMfkq5205z7UvCSQuhkg0PrR2_bjP-ps7W0g@mail.gmail.com> <CAL02cgSyB4bdjJs=iGsQFmuwPZoQTTjhrwu=ivL5rBB7EWOjNw@mail.gmail.com> <CA+cU71monniqd1H9=gss2ZTJtBNVdBOXXx6=SDqBuFqHGKEEhA@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Sun, 05 Nov 2017 22:52:46 -0500
Message-ID: <CAL02cgQEYGMgfb3fxt8AniwgjUYMhNtio=Py+iYRSRzbaOztkg@mail.gmail.com>
To: Tom Ritter <tom@ritter.vg>
Cc: Eric Rescorla <ekr@rtfm.com>, Trans <trans@ietf.org>, draft-ietf-trans-gossip@tools.ietf.org
Content-Type: multipart/alternative; boundary="f403045f548631c669055d48630d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/VDvBtg57PoK6fiNc04X4FS57OHs>
Subject: Re: [Trans] AD Review: draft-ietf-trans-gossip-04
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 03:52:50 -0000
On Sun, Nov 5, 2017 at 1:18 AM, Tom Ritter <tom@ritter.vg> wrote: > I'm going to cherry pick a single thing to ask about before we try to > address everything. > > On 16 October 2017 at 16:41, Richard Barnes <rlb@ipv.sx> wrote: > > As far as SCT feedback, note that the > > privacy issues here (around server tracking) are unnecessary to meet the > > need here -- only the auditor needs to see the SCTs, not the server. If > you > > had a way for clients to encrypt SCTs to specific auditors, you would no > > longer have an issue with server tracking. > > > > ... > > > > 2. Add a through-encryption modality for SCT feedback > > This is an interesting idea. However, I'm worried it's infeasible > because of abuse concerns. > > A client needs to pass the (encrypted) SCT through a third party to > prevent the auditor from knowing who visited a particular site. But > the third party has no assurance that the payload is a valid SCT and > not garbage, so there's DOS concerns. Even if we waved the crypto > magic wand (I would be surprised if there wasn't a crypto primitive > for this problem, I didn't search), the third party is essentially > opening itself to being given every SCT in the log. > > Attempts at putting a cap on the data received open the doors to > flooding attacks that would fill up any cap before the client can > provide its data. > > Am I thinking about the design the same way you were? Do you think > this is a problem, and if so, know how you'd work around it? > TBH, I don't think I had considered the DoS issues. Now that you mention it, I'm not sure I really buy the premises of the operational model the document presumes for servers. If I were building a server, why would I not just ship off a batch to the auditor whenever my storage fills up? Assuming that's in the realm of plausible server architectures, now you're relying on the server's altruism to protect the log from DoS, and altruism rarely scales. And even if all the servers are well-behaved, a malefactor can spam the auditor's SCT feedback endpoint directly if he wants to. In other words, the auditor has a DoS problem here regardless of through-encryption. The only question is whether it has to just check signatures or also decrypt; one public-key operation or two. --Richard
- [Trans] AD Review: draft-ietf-trans-gossip-04 Eric Rescorla
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Richard Barnes
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Tom Ritter
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Tom Ritter
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Richard Barnes
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Tom Ritter
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Tom Ritter
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Melinda Shore
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Linus Nordberg
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Linus Nordberg
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Eric Rescorla
- Re: [Trans] AD Review: draft-ietf-trans-gossip-04 Tom Ritter