Re: [Trans] Threat model outline, attack model

Matt Palmer <mpalmer@hezmatt.org> Sat, 27 September 2014 21:19 UTC

Return-Path: <mpalmer@hezmatt.org>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AE4B1A0342 for <trans@ietfa.amsl.com>; Sat, 27 Sep 2014 14:19:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.92
X-Spam-Level:
X-Spam-Status: No, score=0.92 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kvgmOqXrX13c for <trans@ietfa.amsl.com>; Sat, 27 Sep 2014 14:19:44 -0700 (PDT)
Received: from mail.hezmatt.org (mpalmer-1-pt.tunnel.tserv8.dal1.ipv6.he.net [IPv6:2001:470:1f0e:9e6::2]) by ietfa.amsl.com (Postfix) with ESMTP id D2B141A0322 for <trans@ietf.org>; Sat, 27 Sep 2014 14:19:44 -0700 (PDT)
Received: from mistress.home.hezmatt.org (unknown [10.6.66.6]) by mail.hezmatt.org (Postfix) with ESMTP id 3C58C282E0B for <trans@ietf.org>; Sun, 28 Sep 2014 07:19:44 +1000 (EST)
Received: by mistress.home.hezmatt.org (Postfix, from userid 1000) id A6E92A04D7; Sun, 28 Sep 2014 07:19:40 +1000 (EST)
Date: Sun, 28 Sep 2014 07:19:40 +1000
From: Matt Palmer <mpalmer@hezmatt.org>
To: trans@ietf.org
Message-ID: <20140927211940.GP28050@hezmatt.org>
References: <54173589.3000404@bbn.com> <CABrd9SRShqm1r-2ajbqD5w1s686ciyjcEvywsXZaapgmi57NsA@mail.gmail.com> <54242F8A.2080602@bbn.com> <CABrd9SSwAdv-mAgofNT6bMWky7q=bZhAaX=L4gZUQDkROQ-3ZA@mail.gmail.com> <54258AF0.7090602@bbn.com> <4842B04F-A058-4F3C-9DA3-F29735EC7570@taoeffect.com> <alpine.LFD.2.10.1409262236210.27616@bofh.nohats.ca> <FC4A18E2-A42C-472F-B9FE-2278BB5A0BBA@taoeffect.com> <CABrd9SQBuQO1wrv7s06aT-GGyeWmu2sFzJrH6a+t81aq-dei+w@mail.gmail.com> <77D4B290-D2C8-44D7-AF84-A0A1B91B9557@taoeffect.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <77D4B290-D2C8-44D7-AF84-A0A1B91B9557@taoeffect.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/iylrBtv4hHh6DqJwdxC5wGKro1g
Subject: Re: [Trans] Threat model outline, attack model
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Sep 2014 21:19:47 -0000

On Sat, Sep 27, 2014 at 09:58:56AM -0700, Tao Effect wrote:
> "No barrier"? Subjects (domain owners) would need to monitor *all* the logs out there.
> 
> There will be like 1000+ logs out there.

"Citation needed", as the Wikipedeans say.  I'm not sure how you could
possibly come to that conclusion.

Even if there were that many logs in existence, the number of logs that a
subject would have to monitor would be limited to the set of logs that are
trusted by browsers and other SSL-using clients who implement CT (because
one or more of those logs are going to *have* to receive the certificate in
order for the log entry to be of any use).

While the requirements for running a log that is eligible for inclusion in
Chromium aren't *hugely* arduous, they're still not so trivial that every
man and his dog is going to be doing it.  In fact, given that there's no way
to monetize running a log, there are strong *dis*incentives to doing so
"just for the hell of it".

- Matt