Re: [Trans] The trans threat analysis document

Ryan Sleevi <ryan-ietf@sleevi.com> Mon, 10 September 2018 23:16 UTC

To: Paul Wouters <paul@nohats.ca>
Cc: "David A. Cooper" <david.cooper@nist.gov>, stephentkent@gmail.com, Trans <trans@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/bpci5z7f8yt2I6jtD5GwekCkMqI>

On Sun, Aug 26, 2018 at 10:19 PM Paul Wouters <paul@nohats.ca> wrote:

> On Thu, 23 Aug 2018, David A. Cooper wrote:
> > I would also like to note again, given the nature of
> > https://www.ietf.org/mail-archive/web/trans/current/msg03225.html, that
> > I submitted the comments on May 9
> > specifically because of a request from the WG chairs
> > (https://www.ietf.org/mail-archive/web/trans/current/msg03146.html) to
> > "please review the entire document." So, any
> > implication that there was something inappropriate about submitting
> > comments on new issues after draft -13 was
> > published is rather unfortunate.
>
> Indeed. Due to the long delays between draft versions we encouraged
> people to look at the entire document again. And seeing how it has
> taken a lot of time again, any new WGLC on this document would also
> be phrased like this.
>

I've been working to review the latest changes from Draft-15, and
conducting this as a complete and comprehensive review.

I am fairly concerned with the state of the document, in terms of conflicts
between various descriptions, alternating between descriptive and
prescriptive advice, multiple absolutes (e.g. "Only if", "unless a") for
unknown or unimplemented quantities, and both omissions of attacks that
have been discussed rather substantially in the CT space - such as
maliciously logged certificates, which touches on everything from redaction
to revocation - and its inclusion of attacks that are not relevant or
applicable for the described problem space (Web PKI). I've been working to
gather rather comprehensive feedback on this, but in reviewing that with
others to make sure I've not missed something, it was pointed out to me the
ambiguous state of where this document stands and whether such feedback is
valuable and useful to the efforts of the WG.

Could the chairs clarify: Given Draft-15 has been published, is there an
intent to surface a new WGLC? Or is the view that Draft-15 should only
address the specific feedback raised, and no new issues can be noted? As it
stands, I don't believe the document is reflective of the existing or
proposed CT ecosystem as it relates to the Web PKI, nor accurate in the
problems it does describe or addressing the problems that many in the
ecosystem are concerned about.