IETF Logo Mail Archive

Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior

Linus Nordberg <linus@nordu.net> Wed, 21 October 2015 13:53 UTC

Return-Path: <linus@nordu.net>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A75971A0AC8 for <trans@ietfa.amsl.com>; Wed, 21 Oct 2015 06:53:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vg8bokASZ1BF for <trans@ietfa.amsl.com>; Wed, 21 Oct 2015 06:53:15 -0700 (PDT)
Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6745F1A1A90 for <trans@ietf.org>; Wed, 21 Oct 2015 06:53:11 -0700 (PDT)
Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id t9LDr8Zn020425 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 21 Oct 2015 15:53:08 +0200
Received: from kerio.nordu.net (kerio.nordu.net [109.105.110.42]) by smtp1.nordu.net (8.14.7/8.14.7) with ESMTP id t9LDr3Zg003035 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 21 Oct 2015 13:53:06 GMT
VBR-Info: md=nordu.net; mc=all; mv=swamid.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nordu.net; s=default; t=1445435587; bh=dkfFFqHn3kKRlYJYd/RHjq07ENmNlSRo8CifXqWYX9w=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=e6jSUyXbCSoWS0veFwhkOQVNVgWfbghDg8h4XUX+R2AGUpfCaV4yd8wg/yGDi/YP/ 2SK5lIbLtSD1EV+gZS37kwvrFFmSuuHpJ+qwNlKckIm/Rc8lUc3M76+2W3QS1o5vEv JrsgzJdJF0SYwjjTafZ5/3HnTk8VPybfhdIQGyy8=
X-Footer: bm9yZHUubmV0
Received: from flogsta ([193.10.5.129]) (authenticated user linus@nordu.net) by kerio.nordu.net (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)); Wed, 21 Oct 2015 15:53:01 +0200
From: Linus Nordberg <linus@nordu.net>
To: Eran Messeri <eranm@google.com>
Organization: NORDUnet A/S
References: <CA+cU71m0wpnD1ZYOTtr=oW+1BjquFxyagtMt+wgCgC_PD0PE-g@mail.gmail.com> <CABrd9SQd2RETKQWe9-_KCHufAWjBhs2k008vEz-5cyM_gbY4Qw@mail.gmail.com> <E1812BE0-BD94-4050-95DB-C0483303AFF2@isoc.org> <CABEqWMC=pJUMEn8DxxTn6VTBs9hpayC-ZVUwcGdvg=PEw-Q=Rg@mail.gmail.com> <CALzYgEfsEOyuo9Ez2JqoMJ=WzZ3mFY+eTe6L2F6ZSLJEiVJAJQ@mail.gmail.com> <CA+cU71=YMq3jJhdnv_CqmteUhRnnxYmbpjQ=hN0DhFbBoy+ERg@mail.gmail.com> <CALzYgEcnW-Gm5jjv3cGj-MTPO9TA2u8sVpuJU8ML8dPi-ynKRA@mail.gmail.com>
Date: Wed, 21 Oct 2015 15:52:58 +0200
In-Reply-To: <CALzYgEcnW-Gm5jjv3cGj-MTPO9TA2u8sVpuJU8ML8dPi-ynKRA@mail.gmail.com> (Eran Messeri's message of "Tue, 20 Oct 2015 16:32:28 +0100")
Message-ID: <87fv142urp.fsf@nordberg.se>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: CanIt (www . roaringpenguin . com)
X-Scanned-By: MIMEDefang 2.74 on 109.105.111.32
X-p0f-Info: os=unknown unknown, link=Ethernet or modem
X-CanIt-Geo: ip=109.105.110.42; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6
X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default)
X-Canit-Stats-ID: 0aPvNR8Ko - 1e9a5e066334 - 20151021
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Received-SPF: neutral (e-mailfilter02.sunet.se: 109.105.110.42 is neither permitted nor denied by domain linus@nordu.net) receiver=e-mailfilter02.sunet.se; client-ip=109.105.110.42; envelope-from=<linus@nordu.net>; helo=smtp1.nordu.net; identity=mailfrom
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/dXyxWqUg0B6ZvYEIoQ3bsjxKRpw>
Cc: Katriel Cohn-Gordon <me@katriel.co.uk>, Robin Wilton <wilton@isoc.org>, "trans@ietf.org" <trans@ietf.org>, Tom Ritter <tom@ritter.vg>
Subject: Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2015 13:53:16 -0000

Eran Messeri <eranm@google.com> wrote
Tue, 20 Oct 2015 16:32:28 +0100:

| On Tue, Oct 20, 2015 at 4:22 PM, Tom Ritter <tom@ritter.vg> wrote:
| 
| > On 20 October 2015 at 08:46, Eran Messeri <eranm@google.com> wrote:
| > > +1 for reporting it backed to the alleged origin - the problem Tom
| > describes
| > > is significant as the client would want to hold onto these suspicious
| > pieces
| > > of information until it is confident it has been reported, but has no
| > way of
| > > knowing if the report has been acknowledged by the 'genuine' origin.
| > >
| > > One option is to not prescribe when clients drop such pieces of
| > information,
| > > so clients are free to re-send it multiple times or even forever, until
| > an
| > > out-of-band signal (i.e. a client software update) is received to
| > indicate
| > > to the client that this information has been received and acted upon.
| >
| > So reporting it back to the origin is an appropriate solution for a
| > subset of situations.  If I have an SCT+certificate I want to resolve
| > to a STH, but can't, I can report it up to the origin via SCT
| > Feedback.  We also (or will) have guidelines for submitting it
| > multiple times, and ensuring that it's reported on a connection that
| > 'looks okay' (we have some notes in 7.1.1)
| >
| > There are (at least) two cases that aren't covered by "report it to
| > the origin". (Maybe more, but I can only think of two right now.)
| >
| > - The origin doesn't implement SCT Feedback.
| >
|  This is a hard one - if a domain operator isn't interested in learning
| about attacks against their domain, can anything be done about that?
| My suggestion for this case is to make it easy to delegate SCT Feedback -
| so domain owners can allow other domains which operate SCT Feedback to
| receive SCTs on their behalf. How does that sound?

Scary because we want the end user to trust that the same-origin
principle is indeed followed if they're going to play along with SCT
Feedback. Opening up for delegation sounds like bad news wrt this.

Impractical since the browser would have to know which domain that
example.com has delegated its SCT Feedback to.

Susceptible of blocking since it cannot be performed in the same TLS
stream as the ordinary https request.


| > - The data I have is an older STH, which is not tied to any specific
| > origin.
| >
| I think this case is less sensitive from a privacy perspective and so could
| be gossiped with any servers that do implement SCT Feedback?

We have STH Pollination for STH's but only if the STH is fresh, defined
in the draft as no older than 14 days. I think Tom means that "older"
implies "not fresh".

v2.23.0 | Report a Bug | By Email