Re: [Trans] Threat model outline, attack model

Greg <greg@kinostudios.com> Mon, 29 September 2014 03:41 UTC

Dear Matt,

On Sep 28, 2014, at 3:35 PM, Matt Palmer <mpalmer@hezmatt.org> wrote:

> I had nothing to do with the content on that webpage.  Not everyone
> interested in CT works for Google, y'know.

Right you are, my apologies, I should have said "Google's documentation".

>> "we think “every major CA” is within limits of feasibility"
>> 
>> http://www.certificate-transparency.org/faq
> 
>> And using Jacob's numbers from here:
>> 
>> http://www.ietf.org/mail-archive/web/therightkey/current/msg00745.html
> 
> The word "major" does not appear anywhere in the content of that resource.
> Thus, you're comparing apples with oranges -- the Google CT FAQ suggests
> that "every major CA" may run a log, while your resource says there may be
> between "more than 1200" and 1832 CA certificates (total, comprising both
> roots and intermediates) in active existence, but with no indication of how
> many of those may be considered "major".


Thank you (and Ralph) for bringing this up!

I've updated the blog post to add this sentence in bold underneath the attack picture (at the end of claim #1):

Edit September 28, 2014: The number of CAs out there is disputed [1], and not all CAs will necessarily [2] have their own log.

[1] http://www.ietf.org/mail-archive/web/trans/current/msg00604.html
[2] http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/www.ietf.org/mail-archive/web/trans/current/msg00606.html

Kind regards,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.