Re: [Trans] v2 SCTs and v1 SCTs distinguishability

"Salz, Rich" <rsalz@akamai.com> Thu, 12 August 2021 22:15 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
CC: "trains@airmail.cc" <trains@airmail.cc>, "trans@ietf.org" <trans@ietf.org>
Thread-Topic: [Trans] v2 SCTs and v1 SCTs distinguishability
Thread-Index: AQHXj7ONlY14QjycwEOUKp55cUHKbKtwYLqAgABMgwD//9NDAA==
Date: Thu, 12 Aug 2021 22:15:35 +0000
Message-ID: <EA9B0F62-98AA-4F01-B8BE-3FCE72A240A6@akamai.com>
References: <1bb0f57710cdf3967fc23a7b8c7e859d@airmail.cc> <157A1E67-8C74-4209-B64E-17F39EEF1524@akamai.com> <CAErg=HHp5AJjSYB87Rq3WcDWj9iMu43D+hjstDpAf8hHGffwZw@mail.gmail.com>
In-Reply-To: <CAErg=HHp5AJjSYB87Rq3WcDWj9iMu43D+hjstDpAf8hHGffwZw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/ggBZlujBCa5lhK411kAI7NZ96vY>
Subject: Re: [Trans] v2 SCTs and v1 SCTs distinguishability
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>

No, I misread the concern, so the PEBKAC is on me.

> That said, I'm struggling to think that this actually matters, due to the fact that the TransItem is no longer presented the same as the SignedCertificateTimestamp - that is, as discussed in https://www.ietf.org/archive/id/draft-ietf-trans-rfc6962-bis-41.html#name-presenting-scts-inclusions- , these are conveyed through a separate TLS extension (transparency_info), as well as new X.509 and OCSP extensions ( https://www.ietf.org/archive/id/draft-ietf-trans-rfc6962-bis-41.html#name-transparency-information-x5 ), so this overlap in "how to interpret first byte" is no longer relevant.

That makes sense to me. Perhaps the original poster is fetching SCTs some other way and there's no context to distinguish them?
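An added illustration of the point the thread settles on (this is my own example, not code from the thread, the RFCs or any CT implementation): a v1 SignedCertificateTimestamp starts with the version byte 0x00, and a v2 TransItem starts with a big-endian uint16 versioned_type whose high byte is also 0x00 for the small enum values, so sniffing the first byte cannot tell them apart. What does distinguish them is the carrier the bytes arrived in (the RFC 6962 signed_certificate_timestamp extension versus the bis transparency_info extension), so a consumer that has lost that context, as the original poster may have, has nothing to dispatch on. All sample values are constructed; the v2 field layout is simplified, the value 3 for x509_sct_v2 is my reading of the bis draft's VersionedTransType enum, and the carrier strings are labels rather than TLS codepoints.

```python
import struct

# Constructed sample inputs (not values from the thread).
LOG_ID_V1 = bytes(range(32))                        # v1 log_id: fixed 32-byte hash of the log key
LOG_ID_V2 = bytes.fromhex("2b0601040183bf5a0100")   # constructed OID-style v2 log id, variable length
TIMESTAMP_MS = 1628806535000                        # constructed millisecond timestamp
SIGNATURE = bytes.fromhex("04030002abcd")           # constructed signature bytes (not a real signature)

X509_SCT_V2 = 3  # VersionedTransType x509_sct_v2 (assumed value; check against the bis draft)


def encode_v1_sct(log_id=LOG_ID_V1, timestamp_ms=TIMESTAMP_MS, extensions=b"", signature=SIGNATURE):
    """RFC 6962 SignedCertificateTimestamp: version byte 0x00, log_id(32), uint64 timestamp,
    extensions<0..2^16-1>, then the DigitallySigned signature."""
    return (b"\x00" + log_id + struct.pack(">Q", timestamp_ms)
            + struct.pack(">H", len(extensions)) + extensions + signature)


def encode_v2_transitem(log_id=LOG_ID_V2, timestamp_ms=TIMESTAMP_MS, extensions=b"", signature=SIGNATURE):
    """Simplified 6962-bis TransItem of type x509_sct_v2: uint16 versioned_type, then
    log_id<1..127>, uint64 timestamp, extensions<0..2^16-1>, signature<0..2^16-1>."""
    return (struct.pack(">H", X509_SCT_V2)
            + bytes([len(log_id)]) + log_id
            + struct.pack(">Q", timestamp_ms)
            + struct.pack(">H", len(extensions)) + extensions
            + struct.pack(">H", len(signature)) + signature)


def parse_v1_sct(buf):
    """Parse the fixed v1 layout; refuses anything that is not version 0 or is too short."""
    if len(buf) < 43 or buf[0] != 0:
        raise ValueError("not a well-formed v1 SCT")
    timestamp, = struct.unpack(">Q", buf[33:41])
    ext_len, = struct.unpack(">H", buf[41:43])
    return {"version": 1, "log_id": buf[1:33], "timestamp": timestamp,
            "extensions": buf[43:43 + ext_len]}


def parse_v2_transitem(buf):
    """Parse the simplified v2 layout above; dispatches on versioned_type, not on byte 0 alone."""
    vtype, = struct.unpack(">H", buf[:2])
    if vtype != X509_SCT_V2:
        raise ValueError(f"unsupported versioned_type {vtype}")
    n = buf[2]
    log_id, off = buf[3:3 + n], 3 + n
    timestamp, = struct.unpack(">Q", buf[off:off + 8]); off += 8
    ext_len, = struct.unpack(">H", buf[off:off + 2]); off += 2
    extensions, off = buf[off:off + ext_len], off + ext_len
    return {"version": 2, "log_id": log_id, "timestamp": timestamp, "extensions": extensions}


def first_byte_is_ambiguous(v1_bytes, v2_bytes):
    """True when both encodings open with 0x00, i.e. the byte a sniffer would key on is useless."""
    return v1_bytes[0] == 0 and v2_bytes[0] == 0


def parse_from_context(carrier, buf):
    """Select the parser from the extension that conveyed the bytes, which is the
    disambiguating context the thread relies on; refuse to guess without it."""
    if carrier == "signed_certificate_timestamp":   # RFC 6962 v1 carrier
        return parse_v1_sct(buf)
    if carrier == "transparency_info":              # 6962-bis v2 carrier
        return parse_v2_transitem(buf)
    raise ValueError(f"no parser for carrier {carrier!r}; format cannot be inferred from bytes")


def v1_parser_rejects(buf):
    """Helper for the demonstration: does the v1 parser refuse these bytes outright?"""
    try:
        parse_v1_sct(buf)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    v1, v2 = encode_v1_sct(), encode_v2_transitem()
    print("first byte ambiguous:", first_byte_is_ambiguous(v1, v2))
    print("v1 via context:", parse_from_context("signed_certificate_timestamp", v1))
    print("v2 via context:", parse_from_context("transparency_info", v2))
    print("v2 bytes fed to v1 parser rejected:", v1_parser_rejects(v2))
```

With these constructed sizes the v2 item is shorter than a minimal v1 SCT, so the v1 parser rejects it loudly; a longer v2 item (for instance one carrying extensions) would instead be accepted and yield a nonsense log_id and timestamp, which is why the dispatch has to come from the carrier rather than from a successful parse.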