Re: [Trans] [Public Notary Transparency Wiki] #170: Allow for separate SCT and STH keys?
"trans issue tracker" <trac+trans@ietf.org> Tue, 09 May 2017 11:22 UTC
Return-Path: <trac+trans@ietf.org>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0571129C03 for <trans@ietfa.amsl.com>; Tue, 9 May 2017 04:22:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level:
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, MISSING_HEADERS=1.021] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dHokEeC2xudQ; Tue, 9 May 2017 04:21:59 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A469D1201FA; Tue, 9 May 2017 04:21:59 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: trans issue tracker <trac+trans@ietf.org>
X-Trac-Version: 1.0.10
Precedence: bulk
Cc: trans@ietf.org
Auto-Submitted: auto-generated
X-Mailer: Trac 1.0.10, by Edgewall Software
X-Trac-Project: Public Notary Transparency Wiki
Date: Tue, 09 May 2017 11:21:59 -0000
X-URL:
X-Trac-Ticket-URL: https://trac.ietf.org/trac/trans/ticket/170#comment:2
Message-ID: <037.e20821597edbafb14dff420740784189@ietf.org>
References: <022.9d8a06990859596aaa23fdb00d6774bc@ietf.org>
X-Trac-Ticket-ID: 170
In-Reply-To: <022.9d8a06990859596aaa23fdb00d6774bc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/dYXstgzbLF7e5sSaI3VDrtlTuyo>
Subject: Re: [Trans] [Public Notary Transparency Wiki] #170: Allow for separate SCT and STH keys?
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2017 11:22:01 -0000
#170: Allow for separate SCT and STH keys? -------------------------+----------------------- Reporter: rlb@… | Owner: eranm@… Type: defect | Status: assigned Priority: major | Milestone: review Component: rfc6962-bis | Version: Severity: - | Resolution: Keywords: | -------------------------+----------------------- Changes (by eranm@…): * owner: draft-ietf-trans-rfc6962-bis@… => eranm@… * status: new => assigned * component: to-be-decided => rfc6962-bis * milestone: => review Comment: I agree with the analysis that the keys used for signing SCTs and STHs do not have to be the same. However, I'm not sure there's value in allowing that, and it does incur added cost. In theory it allows for separate security domains between the front-end and the signer. But I’d argue that as a log operator, that doesn’t buy us much because the signer is not tied to a single datacenter / HSM. The signing "role" migrates between jobs at different datacenters (for resiliency). Additionally, the key separation would be completely unnecessary if we ever build a log with immediate incorporation, where a signer is not necessary since sequencing of entries (and STH production) is done for each submission. As Richard points out, compromise of either keys has the same implications. It does complicates the client implementation: Client now has to keep two keys for the log instead of one. So I suggest closing this as wontfix. We can mention the option somewhere in the document, but currently I don't see the need. -- Ticket URL: <https://trac.ietf.org/trac/trans/ticket/170#comment:2> Public Notary Transparency Wiki <https://trac.ietf.org/trac/trans> My example project
- Re: [Trans] [Public Notary Transparency Wiki] #17… trans issue tracker
- Re: [Trans] [Public Notary Transparency Wiki] #17… trans issue tracker
- Re: [Trans] [Public Notary Transparency Wiki] #17… trans issue tracker
- Re: [Trans] [Public Notary Transparency Wiki] #17… trans issue tracker