Re: [Trans] Ticket 170
Eran Messeri <eranm@google.com> Wed, 10 May 2017 10:44 UTC
Return-Path: <eranm@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB768128C84 for <trans@ietfa.amsl.com>; Wed, 10 May 2017 03:44:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.6
X-Spam-Level:
X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WmeXR6Ae1TBC for <trans@ietfa.amsl.com>; Wed, 10 May 2017 03:44:47 -0700 (PDT)
Received: from mail-wr0-x229.google.com (mail-wr0-x229.google.com [IPv6:2a00:1450:400c:c0c::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0806A128BBB for <trans@ietf.org>; Wed, 10 May 2017 03:44:47 -0700 (PDT)
Received: by mail-wr0-x229.google.com with SMTP id l50so37933009wrc.3 for <trans@ietf.org>; Wed, 10 May 2017 03:44:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=crAK2d3jnV8On2/ADsn10C+Tjhbb01gWATIxeupLJW8=; b=iTDnfhP/eRlX6RvKqRaG83LNgPc9wwoBwE9stBm3rCVByZARY8ekR3O1ZDJ4VGScPR q5fD9mjHXfYxVpajX3Jg5woXuMNFnxrpGTLXsqDV0yGoiy5/Ar24Oduudl7AWrAk7ZIQ Eug1+b7y5j2+N6qTRmL3hR8TCwfgrxyZmj62xh8OXjkHKiLIoxmFl0vlKXAz7jyciad2 xbTsNQ898tl+IWfkLy02+oOZv41ZpLaf3NG2hwzxECUyhcm26I+jeEi4ixdN0g0QX/hf HritRrAzDvrEL34oJVsfQIb7SjEwJT4J5avIcmyEZE6gOpU2h7z2GcxCW/7ObayBebf/ tGhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=crAK2d3jnV8On2/ADsn10C+Tjhbb01gWATIxeupLJW8=; b=TPdbqNbW0eUq0MxeHfpKF8ku67pGK4kjPSxoCQlL0ihFzNg0/uW8fRufqm4ShGxug8 iZEqP8g3YGGBsx+gnj4PlS+8WPYjENnF2zAMC4klUw2Rr6Uc/6uJ0k49iGf0X5ri+8tc qUJ6Au1nxzTDaIvaNFxytg/2scU/5HcjTAHRVcrR15lvJV8ilYUAcjA3L7TkU7DOyie8 rC+n2HmA+vbaibbWnTqyKrd1dKrgzBwu0SAP8VQ5MWFksapHTxEElTFBYq3pWdB/7Ghb GQNxpvp2+NdiJdESbtU9ksDxQi7Gee5Ov36TyWnENHPXwWEX/fDao34JyAbXI0ASMvk1 CcrQ==
X-Gm-Message-State: AODbwcDZLRzF0b1y3xq4gNtyCFV/zUGo/kHp4lGo8MFJyNqI6CzYi/MK 2bPyTAdasa39nj6IMJaKlDRLvkcNDJQnDy0=
X-Received: by 10.28.49.131 with SMTP id x125mr624247wmx.86.1494413085422; Wed, 10 May 2017 03:44:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.182.133 with HTTP; Wed, 10 May 2017 03:44:14 -0700 (PDT)
In-Reply-To: <319e0da7-2daa-e6eb-140a-17a9eb51d7cf@gmail.com>
References: <4058f163-97f9-2ba3-8730-f2f2e0b0bb5d@gmail.com> <20170509113826.69c9822ecca8b7ba833df719@andrewayer.name> <319e0da7-2daa-e6eb-140a-17a9eb51d7cf@gmail.com>
From: Eran Messeri <eranm@google.com>
Date: Wed, 10 May 2017 11:44:14 +0100
Message-ID: <CALzYgEf=xsVWm0OXMhCGnuybW3ce_9GW6VASFv2+VEt=nCy2Gg@mail.gmail.com>
To: Melinda Shore <melinda.shore@gmail.com>
Cc: Andrew Ayer <agwa@andrewayer.name>, "trans@ietf.org" <trans@ietf.org>
Content-Type: multipart/alternative; boundary="001a1142426e1b136b054f292975"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/Z761Yh3JwWfVMQYXFs1ZUIhuYPw>
Subject: Re: [Trans] Ticket 170
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 May 2017 10:44:49 -0000
On Tue, May 9, 2017 at 8:20 PM, Melinda Shore <melinda.shore@gmail.com> wrote: > On 5/9/17 11:38 AM, Andrew Ayer wrote: > > I'm assuming logs would still be free to use the same key if they > > wanted, right? > > Right, and the question raised in the ticket was whether or > not key identiers needs to be added to the log metadata. > It's a bit more nuanced than that: We have to go through the document and specify which key should be used for signing and which key should be used for verification every time a signing operation is mentioned. Adding a second key would complicate client implementation: Clients that verify SCTs and audit them would need both keys (more metadata) and would have to choose the right one for each verification (more logic). That applies both to monitors and TLS clients. It would complicate the specification and has the potential for creating a joint that would immediately rust: If all 6962-bis logs choose to use the same key for signing SCTs and STHs then there'd be no guarantee that clients could cope with different keys for each. Andrew asserts it "might help security" but does not specify how - I assume he refers to the ability for different components of a log to be in different security domains (front-ends that can sign SCTs are in one, signers that issue STHs are in another). However, compromise of any of those security domains (either in the form of stealing key material or compelling signing of arbitrary SCTs / STHs) would create a breach of compliance with the Merkle Tree properties required in 6962-bis: * If a rogue SCT is issued, it will fail auditing - the log will not be able to produce an inclusion proof to any STH. * If a rogue STH is issued, it will fail consistency checking - the log will not be able to produce a consistency proof to other STHs. * If a rogue SCT and STH are issued, then the rogue STH will fail consistency checking. Both kinds of failure are equally bad as far as 6962-bis is concerned: Because of the tight coupling between SCT and STH signatures, I don't see the value of using a separate key for each. > > Melinda > > > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans > >
- Re: [Trans] Ticket 170 Andrew Ayer
- [Trans] Ticket 170 Melinda Shore
- Re: [Trans] Ticket 170 Melinda Shore
- Re: [Trans] Ticket 170 Eran Messeri
- Re: [Trans] Ticket 170 Linus Nordberg
- Re: [Trans] Ticket 170 Melinda Shore