IETF Logo Mail Archive

Re: [Trans] Write-up of the "Strict CT" variant

Magnus Ahltorp <map@kth.se> Wed, 07 June 2017 14:36 UTC

Return-Path: <map@kth.se>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EAC912EC7C for <trans@ietfa.amsl.com>; Wed, 7 Jun 2017 07:36:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9uStfv546nBa for <trans@ietfa.amsl.com>; Wed, 7 Jun 2017 07:36:24 -0700 (PDT)
Received: from smtp-4.sys.kth.se (smtp-4.sys.kth.se [IPv6:2001:6b0:1:1300:250:56ff:fea6:2de3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E68512EC81 for <trans@ietf.org>; Wed, 7 Jun 2017 07:36:23 -0700 (PDT)
Received: from smtp-4.sys.kth.se (localhost.localdomain [127.0.0.1]) by smtp-4.sys.kth.se (Postfix) with ESMTP id B9DEA427; Wed, 7 Jun 2017 16:36:21 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at kth.se
Received: from smtp-4.sys.kth.se ([127.0.0.1]) by smtp-4.sys.kth.se (smtp-4.sys.kth.se [127.0.0.1]) (amavisd-new, port 10024) with LMTP id QAe9xTvHT767; Wed, 7 Jun 2017 16:36:21 +0200 (CEST)
Received: from [IPv6:::1] (s17.lan.kth.se [IPv6:2001:6b0:1:1d20:214:c2ff:fe3a:5eec]) by smtp-4.sys.kth.se (Postfix) with ESMTPS id 35E521C05; Wed, 7 Jun 2017 16:36:17 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Magnus Ahltorp <map@kth.se>
In-Reply-To: <CAErg=HGHRWSytrbU_pu0qj_q3w-FJLjnEYC7vefr0-AOHcVhpA@mail.gmail.com>
Date: Wed, 07 Jun 2017 16:36:17 +0200
Cc: Eran Messeri <eranm@google.com>, "trans@ietf.org" <trans@ietf.org>, Jacob Hoffman-Andrews <jsha@eff.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3EA1C32B-B6A6-44BA-8E10-7053684B1732@kth.se>
References: <CALzYgEeUCmj4BgY7uKdMnsvTcbvfAunquuqHxD7FxuzZxY1=Fg@mail.gmail.com> <0dd84938-9625-c6c8-5f31-d5d0d0683c5c@eff.org> <D1C7ADE2-DA28-4F29-A0AB-482435CD2B15@kth.se> <CAErg=HGxU7dnd1kifeCph8jTR6eLJn2GZ9=KehiyLpLgwTne=g@mail.gmail.com> <3EE25497-89C9-47D3-B65C-836087F66344@kth.se> <CAErg=HGHRWSytrbU_pu0qj_q3w-FJLjnEYC7vefr0-AOHcVhpA@mail.gmail.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/bxlwJGnsrwiTtWGqFGob3PAZMsg>
Subject: Re: [Trans] Write-up of the "Strict CT" variant
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 14:36:28 -0000

7 June 2017 15:57 Ryan Sleevi <ryan-ietf@sleevi.com> wrote:

>> It is definitely possible to generate new timestamps and not log them, but I was rebutting "they don't have to produce the list of SCTs they've signed", which is not true, unless "don't have to" is different from "not required to". Logs are required to produce the list of all timestamps they have signed when MMD has passed. That is what it means to be a log.
> 
> I'm not sure your usage of "required" to. If you mean in the abstract, philosophical sense - yes, a well-behaving log is expected to do so.
> 
> However, an evil log can lie - and not produce such timestamps, by not integrating them into the log, despite having signed them. Which was the point - only an Honest Log can audit the production of all of its SCTs and make sure they're integrated, but the concern here is about a Dishonest Log, which would only integrate some of the SCTs into the STH. 

But then "they don't have to produce the list of SCTs they've signed" would be a meaningless statement, since no action by anyone in the world would make them "have to" do anything. The only reasonable interpretation of "have to" in this context is what is called "MUST" in RFC 2119. If you mean "can do this undetected until time t", then say so.

But, in the same sentence, Jacob wrote: "IIUC, logs are allowed to produce infinite SCTs for the same cert once they've logged it", which is what I based my answer on. If the log disregards all rules and doesn't care about being discovered as a bad log, surely it wouldn't care about whether it was allowed to produce many SCTs for the same cert or not. Which means that restricting that wouldn't solve that problem.

/Magnus

v2.23.0 | Report a Bug | By Email