IETF Logo Mail Archive

Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior

Tom Ritter <tom@ritter.vg> Fri, 23 October 2015 05:12 UTC

Return-Path: <tom@ritter.vg>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57BAA1B31EB for <trans@ietfa.amsl.com>; Thu, 22 Oct 2015 22:12:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vP85ukL4frWg for <trans@ietfa.amsl.com>; Thu, 22 Oct 2015 22:12:04 -0700 (PDT)
Received: from mail-yk0-x22b.google.com (mail-yk0-x22b.google.com [IPv6:2607:f8b0:4002:c07::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCF631B31E9 for <trans@ietf.org>; Thu, 22 Oct 2015 22:12:03 -0700 (PDT)
Received: by ykdr3 with SMTP id r3so105979945ykd.1 for <trans@ietf.org>; Thu, 22 Oct 2015 22:12:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=1L/RV+YEURsyz2PL6KOxjezgFW2h6E6coLohjqafzUs=; b=ks4RBqT7eBrB9mHkgDgpljgTEXRjkyxxYqVOlRgPCJ8foMMHcg6UEDO4pd+QOj6Egy Kw93jLIeHfwuIRh7gPJGZPyRf8DZpb1K93sNBh41aVhqmsCRYZWvRgv6oIjX9t9jbinA n2J1iMyGHUJJxuRhoGzZlmKJLoRG1dDboWrZ0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=1L/RV+YEURsyz2PL6KOxjezgFW2h6E6coLohjqafzUs=; b=U/klWxWeL2RdrwoDLkDmZAfpv9nLzXHczTgk2h97iw1ToBJU+VAqt6FRhUo2c5HP86 X2TdStJMgSRL27tK1H3Bp3Rkeh7lpRTunkUpH7dgbELWZaQ52aOER4l58KHxZ/Wsp4Np NhnyiV2r/XvEFbVSa8GsCn6kW5wds/wpGOtufl3UIDbM6uLkcqIgW2cvdmlugr3hKHhU Wi00SAQn1PHpoiY46wJXAdNdmV3zoIpfEVnT71IeTp7WONkEYKgH0U7M6RPWI3fmwQ+e 7v7JaL2pX6++nA3xjzbCR0TI3tY+8pBvw947KjJgfSdq6+mv3EUv95YTN74l/NJt+N4N DkNA==
X-Gm-Message-State: ALoCoQmHHgOlAbZFmTAGFQ+kGojmElamWBWfng8VC4qqua2v1/XYSW1yXwlPe9O6qa/nL50YHolg
X-Received: by 10.55.40.224 with SMTP id o93mr23309605qko.106.1445577123061; Thu, 22 Oct 2015 22:12:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.94.117 with HTTP; Thu, 22 Oct 2015 22:11:43 -0700 (PDT)
In-Reply-To: <87611ybjud.fsf@alice.fifthhorseman.net>
References: <CA+cU71m0wpnD1ZYOTtr=oW+1BjquFxyagtMt+wgCgC_PD0PE-g@mail.gmail.com> <CABrd9SQd2RETKQWe9-_KCHufAWjBhs2k008vEz-5cyM_gbY4Qw@mail.gmail.com> <E1812BE0-BD94-4050-95DB-C0483303AFF2@isoc.org> <CABEqWMC=pJUMEn8DxxTn6VTBs9hpayC-ZVUwcGdvg=PEw-Q=Rg@mail.gmail.com> <CALzYgEfsEOyuo9Ez2JqoMJ=WzZ3mFY+eTe6L2F6ZSLJEiVJAJQ@mail.gmail.com> <CA+cU71=YMq3jJhdnv_CqmteUhRnnxYmbpjQ=hN0DhFbBoy+ERg@mail.gmail.com> <CALzYgEcnW-Gm5jjv3cGj-MTPO9TA2u8sVpuJU8ML8dPi-ynKRA@mail.gmail.com> <87fv142urp.fsf@nordberg.se> <CA+cU71=s9fkKxYF47mYRnejLexsE2x924Dm+sU=fckzKKPdE4A@mail.gmail.com> <CABrd9SSeb=sHYDphJSWvF+ROBEdsrfDfOLSTyHDHuRvOz_RobA@mail.gmail.com> <87611ybjud.fsf@alice.fifthhorseman.net>
From: Tom Ritter <tom@ritter.vg>
Date: Fri, 23 Oct 2015 00:11:43 -0500
Message-ID: <CA+cU71nBYWzvxPAAYPQ9x0jWJV1MGX_i8LeygAm2nXUbpj4v1w@mail.gmail.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/lL3Hsv0vVyeA6SLuRALLqZ0gRgQ>
Cc: "trans@ietf.org" <trans@ietf.org>, Linus Nordberg <linus@nordu.net>, Katriel Cohn-Gordon <me@katriel.co.uk>, Robin Wilton <wilton@isoc.org>, Eran Messeri <eranm@google.com>, Ben Laurie <benl@google.com>
Subject: Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2015 05:12:05 -0000

On 22 October 2015 at 17:48, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> On Thu 2015-10-22 06:23:35 -0400, Ben Laurie wrote:
>> On Thu, 22 Oct 2015 at 03:16 Tom Ritter <tom@ritter.vg> wrote:
>>> On 21 October 2015 at 08:52, Linus Nordberg <linus@nordu.net> wrote:
>>> > Impractical since the browser would have to know which domain that
>>> > example.com has delegated its SCT Feedback to.
>>>
>>> This is an engineering problem I don't see a neat solution to. So
>>> obviously the solution is a new HTTP header! SCT-Feedback:
>>>
>>> https://uncle-neds-discount-hanggliding-and-sct-feedback-correlator.website/google.com/
>>> ;)
>>
>> Quite so.
>
> I can't tell how much people are kidding around here -- i see Tom's
> winky emoticon, at least.
>
> But which version of the site should get to declare where the delegation
> should happen -- the version that has the bogus cert with SCTs from the
> colluding logs, or the "real" version?

The header should not persist, it should be required to be present on
every response to keep the delegation occuring.  So assume the fake
server sets it, and you give some SCT feedback to the delegated
attacker.  Later when you visit the site, and no longer see the
header, you give SCTs to the real site.  I don't think this changes
the threat model, as we assume the attacker cannot forever-middle a
user.

I tend to like HTTP headers, but I do recognize there's a ton of them.

On 22 October 2015 at 05:25, Ben Laurie <benl@google.com> wrote:
> On Thu, 22 Oct 2015 at 03:16 Tom Ritter <tom@ritter.vg> wrote:
>>
>> I can't
>> think of a way you receive (no-maliciously) an older-then-three-week
>> STH.
>
> You can end up with one if you receive a fresh one and then go to sleep for
> 4 weeks...

That's true. It seems different from the client receiving a 4-week old
STH via the network though.

If you start up and have a 4-week old STH in your store - you can
presume that you recived it when it was fresh. And if you cannot
resolve with a consistency proof - it seems 'safer' to me in some way.
If you receive a 4-week old STH from a site, I might assume they're
trying to load me with a tracking STH.

But in general we're back in the bucket of "What do I do with this."
Do we share it with websites via STH Pollination even though it can
enable very reliable cross-origin linkage?  I don't think we can,
because (besides the privacy issue) we don't want to require the
website to resolve consistency proofs nor do we want the website to
give 4-week old STHs to other clients.  Do we share it with an
auditor-of-last-resort (after failing to resolve a consistency proof),
thinking that the privacy implications of a STH are much lesser than
the near-certainly of cross-origin linkage?

-tom

v2.23.0 | Report a Bug | By Email