[Trans] Gossiping in CT
Linus Nordberg <linus@nordu.net> Sat, 27 September 2014 13:35 UTC
Return-Path: <linus@nordu.net>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDAD81A1B24 for <trans@ietfa.amsl.com>; Sat, 27 Sep 2014 06:35:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.829
X-Spam-Level: *
X-Spam-Status: No, score=1.829 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7cJhHEL2E3Br for <trans@ietfa.amsl.com>; Sat, 27 Sep 2014 06:35:16 -0700 (PDT)
Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E07431A1B18 for <trans@ietf.org>; Sat, 27 Sep 2014 06:35:15 -0700 (PDT)
Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id s8RDZDSb016599 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <trans@ietf.org>; Sat, 27 Sep 2014 15:35:13 +0200
Received: from kerio.nordu.net (kerio.nordu.net [109.105.110.42]) by smtp1.nordu.net (8.14.7/8.14.7) with ESMTP id s8RDZAuR019810 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <trans@ietf.org>; Sat, 27 Sep 2014 13:35:13 GMT
VBR-Info: md=nordu.net; mc=all; mv=swamid.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nordu.net; s=default; t=1411824913; bh=bPkIC9Im4iY9I8sNJ1sJuruV6HpI3pSx64hqI7dRKhs=; h=From:To:Subject:Date; b=VYwsKrsGiI0mRnMoVN17j0HowrwgGv3G6xHjcoVjfvwkUadzZlH1HdQONb92YS1Js 5lkeHzJNnWmkzD7f3UIbSayVrvLjlizj4V08vJ1Dozshy3SSndN+MTmHFEYcMv2nn2 Lx/NEC1U3BpMIjdaCrj8Ab5hJqi4dsVqjfGP2B8Y=
X-Footer: bm9yZHUubmV0
Received: from flogsta.nordberg.se ([193.10.5.129]) (authenticated user linus@nordu.net) by kerio.nordu.net (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) for trans@ietf.org; Sat, 27 Sep 2014 15:35:13 +0200
From: Linus Nordberg <linus@nordu.net>
To: trans@ietf.org
Organization: NORDUnet A/S
Date: Sat, 27 Sep 2014 15:36:17 +0200
Message-ID: <878ul5tcby.fsf@nordberg.se>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: CanIt (www . roaringpenguin . com)
X-Scanned-By: MIMEDefang 2.74 on 109.105.111.32
X-p0f-Info: os=unknown unknown, link=Ethernet or modem
X-CanIt-Geo: ip=109.105.110.42; country=SE; latitude=62.0000; longitude=15.0000; http://maps.google.com/maps?q=62.0000,15.0000&z=6
X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default)
X-Canit-Stats-ID: 0aMUdzdeX - 10b35b82c935 - 20140927
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/gsGgoqEn-lrm0KxGrYbXwUiY6CM
Subject: [Trans] Gossiping in CT
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Sep 2014 13:35:19 -0000
Hi, This gossiping that people is talking about, what is it? Here's a summary of what I think some people mean when they say gossip and what problem this thing tries to solve. It's based on a few IETF-related documents and not the full picture. I'd be interested to hear what other people read into the concept of gossiping in CT A CT log which is audited and monitored without complaints can still mount a partitioning attack on its clients. The easiest case, from the logs perspective, is to divide the clients in two sets and serve them two different views of the log. So set A sees view A and set B sees view B. If a client in one set sees an STH from a view meant for another set, it could conclude that the log is misbehaving since the log cannot produce a consistency proof between STH(A) and STH(B). (Unless A and B are forks from a tree splitting at the older of the two tree heads, but then they'd technically not be different views.) The same is true for a client seeing an SCT from one view and an STH from another because the log cannot produce an inclusion proof of an entry in A being part of STH(B). Gossiping then is the spreading of information about a given log, aiming to cross the potential boundaries between different sets of clients of that log. * Whom to gossip with In order to maximise the chance of crossing a border between to sets of clients in a partitioning attack, clients should try to talk with as many different clients as possible. * What to gossip The more information shared, the better detection we seem to get. But sharing information have privacy implications. It seems to me that sharing STH's is much less problematic than sharing SCT's. Showing someone an STH will reveal that you've been receiving data, directly or indirectly, from a given log as late as 'timestamp'. (The log is not identified more than with a tree hash and a signature but that's enough for confirming a given log, given access to it and its public key.) The increase in fingerprintability that CT gossiping of STH's would add would depend on the deployment of CT support in browsers and how browser vendors select which logs to use. Showing someone an SCT will reveal that you've received data about a given site (through the x509 certificate) from a given log (through the LogID) no later than a given time (timestamp). This might be a strong indication that you've visited that site but this depends on how other clients behave. It's been suggested that STH's are to be gossiped. The question about which STH's to gossip about has not been answered. * How to gossip It's been suggested that web browsers should use TLS connections to web servers for gossiping. One argument for that is that this makes the attack of blocking the gossiping messages hard to get away with without people noticing because it means blocking TLS to all servers participating. This can hopefully be useful as a starting point for discussing gossiping in trans.
- [Trans] Gossiping in CT Linus Nordberg
- Re: [Trans] Gossiping in CT Tao Effect
- Re: [Trans] Gossiping in CT Love Hörnquist Åstrand
- Re: [Trans] Gossiping in CT Tao Effect
- Re: [Trans] Gossiping in CT Love Hörnquist Åstrand
- Re: [Trans] Gossiping in CT Tao Effect
- Re: [Trans] Gossiping in CT Tao Effect
- Re: [Trans] Gossiping in CT Linus Nordberg
- Re: [Trans] Gossiping in CT Linus Nordberg
- Re: [Trans] Gossiping in CT Gervase Markham
- Re: [Trans] Gossiping in CT Ben Laurie