Re: [Trans] Volunteer opportunity! (was Re: DNSSEC also needs CT)

[Dmitry Belyavsky <beldmit@gmail.com>]

Hello Stephen,

Thank you for your reply!
My letter was composed as an answer questions you asked, so not all of my
points are in the scope of IETF.

On Mon, Jun 16, 2014 at 11:07 PM, Stephen Kent <kent@bbn.com> wrote:

>  Dmitry,
>
> My replies are inline. sorry that my mail program renumbered each of your
> bullets as I inserted my replies :-(.
>
>
>   Hello Stephen,
>
>  Here is my understanding of the question you asked.
>  Let Ben or Rob fix me if I'm wrong.
>
>
>    1.
>
>    Anybody is allowed to operate log. But there should be a procedure
>    (similar to CA/Browser forum) which is determined to register log as
>    “important” (we need a better word). There should be not many “important”
>    log servers, I suppose — otherwise we are to get the same problem as we
>    have with many CAs.
>
>  As you note, the notion of establishing some logs as "important" would
> borrow from the
> CABF, but we're the IETF and this is intended to be an IETF standard. So,
> I think this
> doc needs to address this issue in a fashion consistent with IETF
> procedures.
>
>
>    1.
>
>    Any log-server can select the list of acceptable CAs. I think that
>    “important logs” should cover all the CAs supported by major browsers.
>
>  The doc suggests this, but again, this has a CABF feel to it. IETF
> standards do not endorse
> implementations and use decisions by vendors to drive standards.
>
>
>    1.
>
>    Any log server can select the algorithm of hash for Merkle Tree and
>    for its key signing the SCTs.
>
>  That's not what the doc says; it establishes two MTI algs that all
> clients must support, while log operators are allowed to pick form between
> the two. This seems a bit backwards to me, in that it imposes the greater
> burden on the larger # of implementations.
>

I think that the document should be corrected and optional algorithms
should be taken into account too.


>
>
>    1.
>
>    Each browser should provide an editable way of managing logs. By
>    default it should be a reasonable subset of “important” logs.
>
>  The set of "important" logs might not include a CA that is important for
> a set of clients 9since log operators have complete discretion as to which
> CAs they accept) so it ought to be possible for a client to include a
> pointer to logs outside the default set.
>

Yes.


>
>
>
>    1.
>
>    Each CA can be accepted by more than one log.
>
>  "Might be" is the more accurate characterization, based on the current
> doc. There is no requirement that any log operator accept submissions from
> a specific CA. Each log operator indicates what CAs/TAs it supports.
>

Yes.

>
>
>    1.
>
>    Browsers should
>     1.
>
>       allow user to accept the cert without CT providing warning about
>       absence of CT
>        2.
>
>       allow user to specify absence of log for this or that domain
>       (non-public suffix)
>        3.
>
>       allow user to a particular log for this or that domain and return
>       an error if there is no SCT for id provided by this log.
>        4.
>
>       there should be a procedure of report about log misbehaviour in
>       case of invalid log records
>
>  These seem like reasonable suggestions, at least to begin, but none of
> them appear in the doc.
> I worry that, absent a description of minimum browser management
> interfaces for CT, we have no sense of whether users will be able to deal
> with incremental deployment.
>

So we need to specify these browser interface requirements, don't we?


>
>
>    1.
>
>    I think that warning is acceptable in case of an absence of SCTs, but
>    in case of cryptographic errors the error should be generated.
>
>  I presume you mean that if there is a crypto error, the cert should be
> rejected, a hard fail, right?
>

Yes, thank you for a correct wording. IMHO, The cert MUST be rejected if
any of SCTs is signed incorrectly. If


-- 
SY, Dmitry Belyavsky