Re: [Trans] [Public Notary Transparency Wiki] #170: Allow for separate SCT and STH keys?

"trans issue tracker" <trac+trans@ietf.org> Tue, 09 May 2017 11:22 UTC

X-Trac-Ticket-URL: https://trac.ietf.org/trac/trans/ticket/170#comment:2
Message-ID: <037.e20821597edbafb14dff420740784189@ietf.org>
References: <022.9d8a06990859596aaa23fdb00d6774bc@ietf.org>
X-Trac-Ticket-ID: 170
In-Reply-To: <022.9d8a06990859596aaa23fdb00d6774bc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/dYXstgzbLF7e5sSaI3VDrtlTuyo>

#170: Allow for separate SCT and STH keys?
-------------------------+-----------------------
 Reporter:  rlb@…        |       Owner:  eranm@…
     Type:  defect       |      Status:  assigned
 Priority:  major        |   Milestone:  review
Component:  rfc6962-bis  |     Version:
 Severity:  -            |  Resolution:
 Keywords:               |
-------------------------+-----------------------
Changes (by eranm@…):

 * owner:  draft-ietf-trans-rfc6962-bis@… => eranm@…
 * status:  new => assigned
 * component:  to-be-decided => rfc6962-bis
 * milestone:   => review


Comment:

 I agree with the analysis that the keys used for signing SCTs and STHs do
 not have to be the same.
 However, I'm not sure there's value in allowing that, and it does incur
 added cost.

 In theory it allows for separate security domains between the front-end
 and the signer. But I’d argue that as a log operator, that doesn’t buy us
 much because the signer is not tied to a single datacenter / HSM. The
 signing "role" migrates between jobs at different datacenters (for
 resiliency). Additionally, the key separation would be completely
 unnecessary if we ever build a log with immediate incorporation, where a
 signer is not necessary since sequencing of entries (and STH production)
 is done for each submission.
 As Richard points out, compromise of either key has the same
 implications.

 It does complicate the client implementation: the client now has to keep
 two keys for the log instead of one.


 So I suggest closing this as wontfix.  We can mention the option somewhere
 in the document, but currently I don't see the need.

--
Ticket URL: <https://trac.ietf.org/trac/trans/ticket/170#comment:2>
Public Notary Transparency  Wiki <https://trac.ietf.org/trac/trans>