Re: [Trans] Write-up of the "Strict CT" variant

Magnus Ahltorp <map@kth.se> Thu, 25 May 2017 11:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/ivDTzqKY97JB-zHxN-JULo59RZg>

> 23 May 2017 14:42 Eran Messeri <eranm@google.com> wrote:
> 
> *Overview*:
> 
>   - UA vendor ("auditor") periodically collects an STH (denoted "official"
>   STH [1]) from each log, distributes it to its UAs ("clients"). Clients are
>   expected to cache all STHs.
>   - CA/Site Owner ("submitter") submits (pre)certificate to the log, gets
>   SCT [2].
>   - Submitter waits until the next official STH that includes the
>   certificate, gets an inclusion proof to be served alongside the certificate
>    + SCT.
>   - In the TLS handshake, clients get certificate + SCT + inclusion proof
>   to an official STH they know about [5].
> 
> 
> The purpose of the UA vendor sending down the official STH is to provide
> third-party verification of the consensus.
> The purpose of the submitter bundling the STH + inclusion proof is to avoid
> the client having to retrieve it via some other protocol

I may have misunderstood something, but why would the STH not always be included with the inclusion proof? What is the reason for all this extra complexity (UA vendor distributing the STH, inclusion proof not self-contained)?

/Magnus
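
The client-side check described in the quoted overview, as an added example that is not part of the original message or of any CT implementation: a client accepts an inclusion proof only when it leads to an official STH it has already cached. Hashing follows RFC 6962; the `official` cache layout, the log name `log-A` and the sample entries are assumptions, and STH signature verification is left out.

```python
import hashlib

def leaf_hash(entry):                  # RFC 6962 leaf hash: SHA-256(0x00 || entry)
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left, right):            # RFC 6962 node hash: SHA-256(0x01 || l || r)
    return hashlib.sha256(b"\x01" + left + right).digest()

def mth(hashes):                       # log side: tree head over a list of leaf hashes
    if len(hashes) == 1:
        return hashes[0]
    k = 1 << ((len(hashes) - 1).bit_length() - 1)   # largest power of two < n
    return node_hash(mth(hashes[:k]), mth(hashes[k:]))

def audit_path(m, hashes):             # log side: inclusion proof for leaf index m
    if len(hashes) == 1:
        return []
    k = 1 << ((len(hashes) - 1).bit_length() - 1)
    if m < k:
        return audit_path(m, hashes[:k]) + [mth(hashes[k:])]
    return audit_path(m - k, hashes[k:]) + [mth(hashes[:k])]

def root_from_proof(leaf, index, tree_size, path):
    fn, sn, r = index, tree_size - 1, leaf
    for p in path:
        if sn == 0:
            return None                # path is longer than the tree allows
        if fn & 1 or fn == sn:
            r = node_hash(p, r)        # sibling is on the left
            while not fn & 1 and fn != 0:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)        # sibling is on the right
        fn, sn = fn >> 1, sn >> 1
    return r if sn == 0 and index < tree_size else None

def client_check(official, log_id, entry, index, tree_size, path):
    root = official.get((log_id, tree_size))   # only cached official STHs count
    if root is None:
        return "unknown-sth"           # proof targets an STH the auditor never sent
    got = root_from_proof(leaf_hash(entry), index, tree_size, path)
    return "ok" if got == root else "bad-proof"

def demo():                            # constructed data: 7 entries, official STH at size 5
    h = [leaf_hash(b"cert-%d" % i) for i in range(7)]
    official = {("log-A", 5): mth(h[:5])}      # hypothetical cache: (log, size) -> root
    p5, p7 = audit_path(3, h[:5]), audit_path(3, h)
    return [client_check(official, "log-A", e, 3, n, p) for e, n, p in
            ((b"cert-3", 5, p5), (b"cert-3", 7, p7), (b"forged", 5, p5))]
```

The second result in `demo()` is the case where a valid proof is rejected because its tree size does not match any STH in the client's cache.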