Re: [Trans] Threat model outline, attack model

Tao Effect <contact@taoeffect.com> Wed, 01 October 2014 16:15 UTC

Return-Path: <contact@taoeffect.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDAB31ACE4D for <trans@ietfa.amsl.com>; Wed, 1 Oct 2014 09:15:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.334
X-Spam-Level:
X-Spam-Status: No, score=-1.334 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOs11pKf4-_j for <trans@ietfa.amsl.com>; Wed, 1 Oct 2014 09:15:59 -0700 (PDT)
Received: from homiemail-a4.g.dreamhost.com (homie.mail.dreamhost.com [208.97.132.208]) by ietfa.amsl.com (Postfix) with ESMTP id E90691A0687 for <trans@ietf.org>; Wed, 1 Oct 2014 09:15:58 -0700 (PDT)
Received: from homiemail-a4.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a4.g.dreamhost.com (Postfix) with ESMTP id A1ACC51C070; Wed, 1 Oct 2014 09:15:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h= content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; s=taoeffect.com; bh=Y7Qc41OyIEb4ceyow /227znSYF0=; b=munTnT8BMy4Md84XoKLEwNsy6HhjvxNEASgCjvZKmDGm0ciLI Gp4K57atqtfHozE+t485kMyXBtLOLiV1hNEyDfPl0lJillHlrjuggTCPpqomLgeL AvX2/neKTimJgYR0i7aP7EHPPGWZXeVp9eTHRtomHiCnpkoH5epzsdNl0c=
Received: from [192.168.42.78] (50-1-116-54.dsl.dynamic.sonic.net [50.1.116.54]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: contact@taoeffect.com) by homiemail-a4.g.dreamhost.com (Postfix) with ESMTPSA id 1B5D851C073; Wed, 1 Oct 2014 09:15:57 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_DE45AF54-5181-493A-AB0C-A9DD64E5157F"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Pgp-Agent: GPGMail 2.1 (f76fd85)
From: Tao Effect <contact@taoeffect.com>
In-Reply-To: <CAA7UWsW06qYWfO_CDGEvhR2OJbiodrJ96qPuz=6-DnK4XNdR7g@mail.gmail.com>
Date: Wed, 1 Oct 2014 09:15:57 -0700
X-Mao-Original-Outgoing-Id: 433872957.080833-516dafabbd810154a447bba594faef93
Message-Id: <530D1136-916E-41F7-A9EC-819C5564CA33@taoeffect.com>
References: <5411E511.1040605@bbn.com> <CABrd9STmog8-JZCg9Tfv_ToUswY=9LBcZAPQM2cqUVcO0dhAnQ@mail.gmail.com> <54173589.3000404@bbn.com> <CABrd9SRShqm1r-2ajbqD5w1s686ciyjcEvywsXZaapgmi57NsA@mail.gmail.com> <54242F8A.2080602@bbn.com> <CABrd9SSwAdv-mAgofNT6bMWky7q=bZhAaX=L4gZUQDkROQ-3ZA@mail.gmail.com> <54258AF0.7090602@bbn.com> <CABrd9SQNXHdJQCC3JQJirqdkg_ub0oXCkxPqit9H6LjUPqNioA@mail.gmail.com> <54297249.1090409@bbn.com> <CABrd9ST59Yd3GDjxMiX9jMg68_BRd2_v0Mpo8u_oW1zM1VWjjA@mail.gmail.com> <542C1063.50404@bbn.com> <CAA7UWsW06qYWfO_CDGEvhR2OJbiodrJ96qPuz=6-DnK4XNdR7g@mail.gmail.com>
To: David Leon Gil <coruus@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/ixTY7iC-amsHbgQ9wsYJ5CIY9tg
Cc: Ben Laurie <benl@google.com>, "trans@ietf.org" <trans@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [Trans] Threat model outline, attack model
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2014 16:16:00 -0000

On Oct 1, 2014, at 7:54 AM, David Leon Gil <coruus@gmail.com> wrote:

> On Wed, Oct 1, 2014 at 10:32 AM, Stephen Kent <kent@bbn.com> wrote:
>> If a "broader scope" means using more ambiguous terms, I can't see why that would be an improvement.
>> It has the flavor of "CT is obviously good, so let's just do it."
> 
> Okay. You've convinced me.
> 
> So: I've disabled syslog on all my servers. I can't define a-priori
> what security issues logging might detect. Thus there's no point in
> logging anything.


1. If CT were as useful and usable as syslog, I'd have fewer problems with it.

2. syslog does not claim to "make it impossible to [xyz hacker thing] without detection", whereas such claims have been made about CT [1].

3. Nor is syslog presenting it as an IETF security-related protocol.

4. syslog isn't "overtly forcing" [2] architectural changes upon anyone based on aforementioned false claims.

Kind regards,
Greg Slepak

[1] http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/
[2] https://twitter.com/Cryptoki/status/514866111968706560

--
Please do not email me anything that you are not comfortable also sharing with the NSA.