Re: [Trans] Gossiping in CT

Love Hörnquist Åstrand <lha@kth.se> Sat, 27 September 2014 21:04 UTC

From: Love Hörnquist Åstrand <lha@kth.se>
To: Tao Effect <contact@taoeffect.com>
Date: Sat, 27 Sep 2014 21:03:00 +0000
Message-ID: <73CC8BB5-7371-4E3F-967C-4307F778FFE7@kth.se>
References: <878ul5tcby.fsf@nordberg.se>, <BC424D29-F537-4F98-93C8-A6D35E98B9DA@taoeffect.com> <E441364F-D860-4E7A-823B-6227DBB180B7@kth.se>, <9DB4CB42-68A3-4BFE-B6BF-9C24DD925EDD@taoeffect.com>
In-Reply-To: <9DB4CB42-68A3-4BFE-B6BF-9C24DD925EDD@taoeffect.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/aBVeDkgR9YLeKvHMKda0aDzOmFs
Cc: "trans@ietf.org" <trans@ietf.org>, Linus Nordberg <linus@nordu.net>
Subject: Re: [Trans] Gossiping in CT

>> - Auditor finds the fraudulent issued cert
> 
> Exactly how will the Auditor do that?

By looking at logs that the clients care about. You claim that there will be thousands of logs; I somewhat don't think so, since then there will be thousands of logs the CA will send the cert to before issuing it, and that is not reasonable.

So how do you keep the log honest and stop it from not adding the SCT to the log?

Well, by using gossip about the logs.

You are claiming that PKIX and Internet roots are a hopeless endeavor, and I somewhat agree. You seem to want us to switch to Namecoin and forget about Internet roots, and I see that as an even more hopeless endeavor short term.

Short term, CT will make a difference. If you disagree, then there is not much more we can do than agree to disagree.

Love
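An added illustration (not part of Love's message or of any CT implementation) of the check an auditor makes to confirm that a logged cert really sits under the log's STH: RFC 6962 leaf and node hashing, the audit path a log returns for an entry, and the client-side inclusion verification. The log entries are constructed sample data.

```python
import hashlib

# Constructed sample log entries; they stand in for serialized MerkleTreeLeaf data.
SAMPLE_LEAVES = [b"cert-entry-%d" % i for i in range(7)]

def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()           # RFC 6962: 0x00 || leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()   # 0x01 || left || right

def _split(n: int) -> int:
    return 1 << ((n - 1).bit_length() - 1)   # largest power of two strictly below n

def merkle_root(leaves) -> bytes:
    """Merkle Tree Hash of the leaf list: the root an STH signs over."""
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def audit_path(leaves, m: int) -> list:
    """Sibling hashes, leaf to root, that the log returns for entry m."""
    if len(leaves) <= 1:
        return []
    k = _split(len(leaves))
    if m < k:
        return audit_path(leaves[:k], m) + [merkle_root(leaves[k:])]
    return audit_path(leaves[k:], m - k) + [merkle_root(leaves[:k])]

def verify_inclusion(leaf_data, leaf_index, tree_size, path, root_hash) -> bool:
    """Auditor side: rebuild the root from leaf plus path and compare with the STH."""
    if leaf_index >= tree_size:
        return False
    fn, sn = leaf_index, tree_size - 1
    r = leaf_hash(leaf_data)
    for p in path:
        if sn == 0:
            return False                      # path has more nodes than the tree
        if fn & 1 or fn == sn:                # right child, or lone left child
            r = node_hash(p, r)
            while fn and not fn & 1:          # skip levels where we had no sibling
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root_hash
```

A log that handed out an SCT but never incorporated the entry cannot produce a path that verifies against any STH it signed, which is what gossiping those STHs between clients and auditors is meant to surface.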