IETF Logo Mail Archive

Re: [Trans] AD Review: draft-ietf-trans-gossip-04

Tom Ritter <tom@ritter.vg> Sun, 05 November 2017 05:18 UTC

Return-Path: <tom@ritter.vg>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71E9313FB10 for <trans@ietfa.amsl.com>; Sat, 4 Nov 2017 22:18:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ritter.vg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sn9ERxxWNPn5 for <trans@ietfa.amsl.com>; Sat, 4 Nov 2017 22:18:49 -0700 (PDT)
Received: from mail-qk0-x236.google.com (mail-qk0-x236.google.com [IPv6:2607:f8b0:400d:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4097C13FB2E for <trans@ietf.org>; Sat, 4 Nov 2017 22:18:49 -0700 (PDT)
Received: by mail-qk0-x236.google.com with SMTP id x195so1905095qkb.12 for <trans@ietf.org>; Sat, 04 Nov 2017 22:18:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=3CYQMvaEGXVmQ7DulgXRe69pTjVG6KC03vK1oNJPhlw=; b=2krHju2+sGlYsbJj1WxspD1f0COoqAE3ZeJyMuBI3aihWGMgYrgQ9ZAhsnvgZ5z98r rf9W433OwnrbbI/H0VuC240ejl47BjUWofu+A5cAaVSZV5S8i0AClj6zwP7HSk2m17yF SkJH3z+6ESveDOWNIUSlJIHx4hP/+BBfX8vUc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=3CYQMvaEGXVmQ7DulgXRe69pTjVG6KC03vK1oNJPhlw=; b=jyMgV7nTcPO/7ptqQvFIj9Oks+B+Y88vpSpopafBFw8ZJc2txa7HkR5bJKqcv3LLqQ 55oJ3kHj29PsrCvdURAhFCkMZMt3ND+0YAiYYJV56J4mFREIRH2QKnBshR7f/aqSRJIO NvIUZq6XDElrodQbZc9CfNz7+H8Qu/ZuWLm2NRkChmmOavYPuPkRNxpmtuHm4ciw2NHS Rj6857UWjNK/Rs/Mp+cc+V9c/r6xY/74y+uKD6wHewHqxgP58nofAYan8D+s6wVIhstI 1njlxvIWBvXFwHoL2dgeAf7NrAG1vNS8IOiDFP8Vw5W7SEtshhQFowT89V9TuCbyRepd WKpQ==
X-Gm-Message-State: AJaThX6Mg7FwejT0Kw4PAHxqB1qaCR5J1zoICyXJ4MI0fp22lyquDk6e hmhJ5qXwcfDeULjt26Ke38YERxH3qoDGP763zSBWYMbY
X-Google-Smtp-Source: ABhQp+SU3JaCyyK3/fOOl8BhxdIacjEBtiGYOAxbLfGlH46luUGBcjhZdxYXaYVeb2Rt+vqh4zr6YTMFl5y6eyoeP8A=
X-Received: by 10.55.65.22 with SMTP id o22mr10505918qka.272.1509859128115; Sat, 04 Nov 2017 22:18:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.108.53 with HTTP; Sat, 4 Nov 2017 22:18:27 -0700 (PDT)
In-Reply-To: <CAL02cgSyB4bdjJs=iGsQFmuwPZoQTTjhrwu=ivL5rBB7EWOjNw@mail.gmail.com>
References: <CABcZeBM6=26ojcoMfkq5205z7UvCSQuhkg0PrR2_bjP-ps7W0g@mail.gmail.com> <CAL02cgSyB4bdjJs=iGsQFmuwPZoQTTjhrwu=ivL5rBB7EWOjNw@mail.gmail.com>
From: Tom Ritter <tom@ritter.vg>
Date: Sun, 05 Nov 2017 00:18:27 -0500
Message-ID: <CA+cU71monniqd1H9=gss2ZTJtBNVdBOXXx6=SDqBuFqHGKEEhA@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: Eric Rescorla <ekr@rtfm.com>, Trans <trans@ietf.org>, draft-ietf-trans-gossip@tools.ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/YEmTjjaOKtxxW87B4hjIsD7RErA>
Subject: Re: [Trans] AD Review: draft-ietf-trans-gossip-04
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Nov 2017 05:18:52 -0000

I'm going to cherry pick a single thing to ask about before we try to
address everything.

On 16 October 2017 at 16:41, Richard Barnes <rlb@ipv.sx> wrote:
> As far as SCT feedback, note that the
> privacy issues here (around server tracking) are unnecessary to meet the
> need here -- only the auditor needs to see the SCTs, not the server.  If you
> had a way for clients to encrypt SCTs to specific auditors, you would no
> longer have an issue with server tracking.
>
> ...
>
> 2. Add a through-encryption modality for SCT feedback

This is an interesting idea. However, I'm worried it's infeasible
because of abuse concerns.

A client needs to pass the (encrypted) SCT through a third party to
prevent the auditor from knowing who visited a particular site. But
the third party has no assurance that the payload is a valid SCT and
not garbage, so there's DOS concerns. Even if we waved the crypto
magic wand (I would be surprised if there wasn't a crypto primitive
for this problem, I didn't search), the third party is essentially
opening itself to being given every SCT in the log.

Attempts at putting a cap on the data received open the doors to
flooding attacks that would fill up any cap before the client can
provide its data.

Am I thinking about the design the same way you were? Do you think
this is a problem, and if so, know how you'd work around it?

-tom

v2.23.0 | Report a Bug | By Email