Re: [Trans] Providing the history of STHs a log has issued (in 6962-bis)

Linus Nordberg <linus@sunet.se> Mon, 08 May 2017 23:08 UTC

From: Linus Nordberg <linus@sunet.se>
To: Andrew Ayer <agwa@andrewayer.name>
Cc: trans@ietf.org
Date: Tue, 09 May 2017 01:08:36 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/kD59qckPc27kw4Rgtcd9LipXShU>
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>

Andrew Ayer <agwa@andrewayer.name> wrote
Fri, 5 May 2017 10:09:10 -0700:

> On Thu, 04 May 2017 20:58:16 +0000
> Nick Sullivan <nick@cloudflare.com> wrote:
>
>> By consistent I mean that if a sequence of STHs such as (A, B, C) are
>> presented on day 1, that a different sequence is not presented on day
>> 2 (A, C) or (A, D, B, C).
>
> The PR doesn't currently say the log must retain and return all STHs
> it has ever signed.  That should be added.  Such language, plus the
> existing chronological ordering requirement, plus the requirement that
> STH timestamps be unique ("Each subsequent timestamp MUST be more
> recent than the timestamp of the previous update") should ensure
> consistency, right?
>
>> Rob's language works in terms of chronological order.
>> 
>> STH pollination could be a way to support auditing this, but I don't
>> think it's sufficiently robust as currently defined. To prevent STHs
>> from going missing, or for new STHs to appear after the fact, STHs
>> should be exchanged along with metadata indicating the previous and
>> (if it exists yet) the next STH in the tree.
>
> To be an effective auditing mechanism, this information needs to be
> signed by the log.  Otherwise, a monitor could lie about what it has
> seen.  Perhaps the STH could contain the timestamp of the previous
> STH.  If it did, I believe that STH pollination would be sufficient for
> detecting STHs that go missing or appear after the fact.
>
> That said, is there a compelling security need for this to be
> auditable?

I'm probably missing something crucial here but if it's not auditable,
what use does it have?

It seems to me that you're transcending towards a log of STHs, which I
wouldn't mind thinking about but probably not as an ad-hoc addon to a
new get-sths API.

For the record, I'd like to express hesitance about adding an STH
history API until I understand the problem better, with apologies for
not being fully up to speed at the moment.
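
The two checks discussed in this thread, as an added example (not from the original message or from 6962-bis): comparing two returned STH histories for missing or inserted entries, and using a log-signed previous-timestamp field on pollinated STHs. The `STH` class, its `prev_timestamp` field and the sample values are assumptions constructed for illustration; signature verification is assumed to have been done already.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class STH:
    name: str                             # label for the constructed samples
    timestamp: int                        # unique per STH, per the quoted draft text
    prev_timestamp: Optional[int] = None  # hypothetical signed field proposed in the thread

def strictly_chronological(history: List[STH]) -> bool:
    """Each timestamp must be more recent than the previous one."""
    return all(a.timestamp < b.timestamp for a, b in zip(history, history[1:]))

def compare_histories(day1: List[STH], day2: List[STH]) -> Tuple[List[str], List[str]]:
    """Return (missing, inserted) STH names in day2 relative to day1.

    STHs are identified by timestamp, which is unique by assumption.
    Anything newer than day1's last STH is legitimate growth and ignored.
    """
    horizon = max((s.timestamp for s in day1), default=-1)
    seen1 = {s.timestamp for s in day1}
    seen2 = {s.timestamp for s in day2}
    missing = [s.name for s in day1 if s.timestamp not in seen2]
    inserted = [s.name for s in day2
                if s.timestamp <= horizon and s.timestamp not in seen1]
    return missing, inserted

def chain_conflicts(pool: List[STH]) -> List[Tuple[str, str]]:
    """Find (sth, intruder) pairs in a pollinated pool where intruder's
    timestamp falls inside sth's signed (prev_timestamp, timestamp) gap.
    Both are signed by the log, so either one is evidence against it."""
    conflicts = []
    for s in pool:
        if s.prev_timestamp is None:
            continue
        for other in pool:
            if s.prev_timestamp < other.timestamp < s.timestamp:
                conflicts.append((s.name, other.name))
    return conflicts

# Constructed sample STHs matching the (A, B, C) example in the thread.
A = STH("A", 1000)
B = STH("B", 2000, prev_timestamp=1000)
C = STH("C", 3000, prev_timestamp=2000)
D = STH("D", 1500, prev_timestamp=1000)   # appears "after the fact"
C_SKIP = STH("C'", 3000, prev_timestamp=1000)  # signed as if B never existed
```
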