Re: [Trans] Threat model outline, attack model

Tao Effect <contact@taoeffect.com> Sat, 27 September 2014 01:25 UTC

Return-Path: <contact@taoeffect.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 143AE1A0110 for <trans@ietfa.amsl.com>; Fri, 26 Sep 2014 18:25:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.334
X-Spam-Level:
X-Spam-Status: No, score=-1.334 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id twMLTW-MF7q8 for <trans@ietfa.amsl.com>; Fri, 26 Sep 2014 18:25:58 -0700 (PDT)
Received: from homiemail-a9.g.dreamhost.com (homie.mail.dreamhost.com [208.97.132.208]) by ietfa.amsl.com (Postfix) with ESMTP id 044BE1A00FC for <trans@ietf.org>; Fri, 26 Sep 2014 18:25:58 -0700 (PDT)
Received: from homiemail-a9.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a9.g.dreamhost.com (Postfix) with ESMTP id CC0CD626075; Fri, 26 Sep 2014 18:25:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h= content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; s=taoeffect.com; bh=aqJtkpXRC4ii1C+/P 1/SUpisXYE=; b=JfYrHhaLqpPb/On5PbOKh97G4XRB2CnLv/NxMTYUsEFN7oVEh ndwlJ1Enroaw5XLCzF1mdh9eZsd1uPJ5zktxU21L5OeL7FXvYClPw5a4Z09I6iYP e2ZAyCU+irigFc6Lh1bAqOj8w1P/AJAUBgWb+x+bIMlj1CPJ5JRLnyN5zQ=
Received: from [192.168.42.78] (50-0-138-93.dsl.dynamic.sonic.net [50.0.138.93]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: contact@taoeffect.com) by homiemail-a9.g.dreamhost.com (Postfix) with ESMTPSA id 6F7BE626079; Fri, 26 Sep 2014 18:25:57 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_88AD85FB-DE7A-49BE-A02C-DE63B24B689C"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Pgp-Agent: GPGMail 2.1 (f76fd85)
From: Tao Effect <contact@taoeffect.com>
In-Reply-To: <54258AF0.7090602@bbn.com>
Date: Fri, 26 Sep 2014 18:25:56 -0700
X-Mao-Original-Outgoing-Id: 433473956.579921-35ea12293746ac1b0d80e9c1a08391a5
Message-Id: <4842B04F-A058-4F3C-9DA3-F29735EC7570@taoeffect.com>
References: <5411E511.1040605@bbn.com> <CABrd9STmog8-JZCg9Tfv_ToUswY=9LBcZAPQM2cqUVcO0dhAnQ@mail.gmail.com> <54173589.3000404@bbn.com> <CABrd9SRShqm1r-2ajbqD5w1s686ciyjcEvywsXZaapgmi57NsA@mail.gmail.com> <54242F8A.2080602@bbn.com> <CABrd9SSwAdv-mAgofNT6bMWky7q=bZhAaX=L4gZUQDkROQ-3ZA@mail.gmail.com> <54258AF0.7090602@bbn.com>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/hS3d1PXJmROoufSOLJJxMhaoYFE
Cc: trans@ietf.org
Subject: Re: [Trans] Threat model outline, attack model
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Sep 2014 01:25:59 -0000

Dear Stephen,

I've been reading through this thread with fascination. Thank you for bringing up the fact that CT needs to more clearly (and accurately) state what its threat model is, what sort of protections it does and does not provide to netizens, etc.

Had I found this thread earlier this week, I would have cited parts of it in a blog post I wrote on the same topic a few days ago [1].

I don't know whether you'll find that post useful or not, but for the sake of building a threat model, I think the visual diagrams there might help others more quickly grasp the sort of attack that CT should expect to face from certain actors. I know that I am primarily a visual thinker and learner, so for me visuals are essential to fully grasping complex systems.

The post does not discuss gossip because, to my understanding, the details of gossip have still not been fully agreed upon and specified in the RFC. Once they are, I will be very interested to re-evaluate what sort of impact might have.

Thanks again for raising this topic on the list.

Kind regards,
Greg Slepak

[1] http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/

--
Please do not email me anything that you are not comfortable also sharing with the NSA.