Re: [Trans] Question regarding new gossip protocols [Was: Certificate transparency on blockchains]

Tao Effect <contact@taoeffect.com> Fri, 27 March 2015 23:58 UTC

Return-Path: <contact@taoeffect.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D1241A037C for <trans@ietfa.amsl.com>; Fri, 27 Mar 2015 16:58:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.234
X-Spam-Level:
X-Spam-Status: No, score=-1.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nJ0rnkLKfg33 for <trans@ietfa.amsl.com>; Fri, 27 Mar 2015 16:58:22 -0700 (PDT)
Received: from homiemail-a8.g.dreamhost.com (homie.mail.dreamhost.com [208.97.132.208]) by ietfa.amsl.com (Postfix) with ESMTP id 1C2ED1A01A8 for <trans@ietf.org>; Fri, 27 Mar 2015 16:56:33 -0700 (PDT)
Received: from homiemail-a8.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a8.g.dreamhost.com (Postfix) with ESMTP id C0AD8D22077; Fri, 27 Mar 2015 16:56:32 -0700 (PDT)
Received: from [192.168.1.8] (50-0-163-72.dsl.dynamic.fusionbroadband.com [50.0.163.72]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: contact@taoeffect.com) by homiemail-a8.g.dreamhost.com (Postfix) with ESMTPSA id 52D0DD22072; Fri, 27 Mar 2015 16:56:32 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_95523F86-A5EA-45A6-8F58-B52C2801614B"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Pgp-Agent: GPGMail 2.5b6
From: Tao Effect <contact@taoeffect.com>
In-Reply-To: <alpine.LRH.2.11.1503271833020.6671@ns0.nohats.ca>
Date: Fri, 27 Mar 2015 16:56:31 -0700
X-Mao-Original-Outgoing-Id: 449193391.5396-a82fcb05ce9b49c34381a9898305cfb4
Message-Id: <FDF308F4-1DE5-4580-ACC5-CC4AE17981B1@taoeffect.com>
References: <007F2B41-C78E-4332-8206-7E4CB27A638B@kinostudios.com> <alpine.LFD.2.10.1503252231110.16175@bofh.nohats.ca> <2A773227-61C8-4196-8AFF-EC288A8AF150@kinostudios.com> <CA+cU71=7G5ZJMx3Vy+gXN00JpB61_6C+DLQRyCS=Hcq3vLR-Sg@mail.gmail.com> <CE157D3A-079C-4B09-B138-C21FD9D1FB03@taoeffect.com> <BAD439C7-60C8-44D4-89F9-AC6E5613A5EA@taoeffect.com> <CADqLbz+8br-F3CJEgTj8K3HmaGdNKfjCSeDtWrDmySmohhjXkw@mail.gmail.com> <alpine.LRH.2.11.1503271517430.14223@ns0.nohats.ca> <EAFF927A-E95B-4D5E-A631-E7209725AF18@taoeffect.com> <alpine.LRH.2.11.1503271833020.6671@ns0.nohats.ca>
To: paul@nohats.ca
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/n1HUdNFrd-KZXaDDYie0LhN9Wnw>
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Question regarding new gossip protocols [Was: Certificate transparency on blockchains]
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2015 23:58:24 -0000

Dear Paul,

This is fantastic news. Great work list!

I am working on a new blog post on this topic to post to the okTurtles blog and am getting ready to publish it.

If you (or anyone else on this list) would like to proof read a draft of it before it's published (sometime today, or tomorrow at the latest), please contact me off-list at this email.

> Yes, but I'm sure the authors would love to received improved text for this section of the document.

I'll see if I can come up with something. :)

Cheers,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Mar 27, 2015, at 3:36 PM, paul@nohats.ca wrote:

> On Fri, 27 Mar 2015, Tao Effect wrote:
> 
>> To illustrate:
>> A = server's real certificate
>> B = malicious MITM certificate
>> T1. Client receives A.
>> T2. Client receives B, sends back A.
>> T3. MITM pretends to leave, sends A. Client sends B.
> 
> T3 cannot happen. The draft states:
> 
>   SCTs and corresponding certificates are POSTed to the originating
>   HTTPS server at the well-known URL:
> 
>   https://<domain>/.well-known/ct/v1/sct-feedback
> 
> This means you must have a valid TLS connection to send the data. As
> long as the attacker does not have the private key of the attacked
> web server, this cannot happen.
> 
>> So, my question is: does your document properly take that into account and state that the data sent in 3.1.3 *must* be sent after a
>> fully encrypted TLS connection has been established?
> 
> Yes, but I'm sure the authors would love to received improved text for
> this section of the document.
> 
>> P.S. FYI Paul, any time I CC your email I get a bounced "Undelivered Mail" response:
>> 
>>      Final-Recipient: rfc822; cypherpunks@nohats.ca
>> Original-Recipient: rfc822;paul@cypherpunks.ca
>> Action: failed
>> Status: 5.1.1
>> Remote-MTA: dns; 193.110.157.102
>> Diagnostic-Code: smtp; 550 5.1.1 <cypherpunks@nohats.ca>ca>: Recipient address
>>    rejected: User unknown in local recipient table
> 
> Sorry about that. I added an alias to fix it. (my home DSL is down so
> mail is rerouted temporarily, and I'm far from home)
> 
> Paul
> 
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans