Re: [Trans] Fw: Re: WGLC started for draft-ietf-trans-threat-analysis

Rob Stradling <Rob@ComodoCA.com> Tue, 22 May 2018 09:16 UTC

To: Stephen Kent <s@zerho.info>, Trans <trans@ietf.org>, Ryan Sleevi <ryan-ietf@sleevi.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/oftmtLVnRgmMCCGadU_f85U3AJg>

On 21/05/18 19:05, Stephen Kent wrote:
<snip>
>>> Monitors watch logs to check that they (logs) behave correctly
>>> Monitors watch logs for certificates of interest
>>> Monitors watch logs both to check that they (logs) behave correctly 
>>> and to check for certificates of interest.
> 
> OK, I now see why the “or both” makes sense, but it appears to be wrong :-).
> 
> 
> Both descriptions of Monitor operation in 8.2 say that step 4, checking 
> for a certificate of interest, is performed “If applicable”. That 
> implies that steps 1-3 and 5 are checking to see if a log is behaving 
> correctly (in a very basic sense). So, it seems that Monitors are always 
> checking logs for consistency, and optionally checking for certs of 
> interest. If so, the opening sentence should say that Monitors watch 
> logs to check that they behave correctly (in a basic sense) and, 
> optionally, they watch logs for certificates of interest.

crt.sh does not currently check logs for consistency.  (Maybe one day 
I'll get around to implementing that).

crt.sh does check for "certs of interest".  (It downloads all the certs 
from all the logs, and takes the view that all certs are interesting ;-) ).

Is crt.sh a Monitor?

-- 
Rob Stradling
Senior Research & Development Scientist
ComodoCA.com
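
The two Monitor roles distinguished in this message, as an added example (not part of the original message and not crt.sh code): a log-behaviour check that rebuilds the RFC 6962 Merkle tree hash from downloaded entries and compares it with two signed tree heads, next to a separate "certificates of interest" filter. Entries are treated as opaque byte strings, STHs as `(tree_size, root_hash)` tuples with signature verification left out, and all function names and sample data are constructed for illustration.

```python
import hashlib

def merkle_root(entries):
    """Merkle Tree Hash as defined in RFC 6962 section 2.1."""
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hashlib.sha256(b"\x00" + entries[0]).digest()   # leaf prefix 0x00
    k = 1
    while k * 2 < n:            # k = largest power of two strictly below n
        k *= 2
    left, right = merkle_root(entries[:k]), merkle_root(entries[k:])
    return hashlib.sha256(b"\x01" + left + right).digest()     # node prefix 0x01

def log_behaves(entries, old_sth, new_sth):
    """Role 1: do the downloaded entries match both tree heads (append-only)?"""
    old_size, old_root = old_sth
    new_size, new_root = new_sth
    if not (old_size <= new_size == len(entries)):
        return False
    return (merkle_root(entries[:old_size]) == old_root
            and merkle_root(entries) == new_root)

def certs_of_interest(entries, watched=None):
    """Role 2: filter entries; watched=None treats every entry as interesting."""
    if watched is None:
        return list(entries)
    return [e for e in entries if any(w in e for w in watched)]

# Constructed sample log contents (stand-ins for real log entries).
ENTRIES = [b"CN=www.example.com", b"CN=mail.example.org",
           b"CN=login.example.com", b"CN=shop.example.net"]
OLD_STH = (2, merkle_root(ENTRIES[:2]))
NEW_STH = (4, merkle_root(ENTRIES))

def demo():
    honest = log_behaves(ENTRIES, OLD_STH, NEW_STH)
    # A log that rewrote entry 0 after OLD_STH was issued, then signed a new head.
    rewritten = [b"CN=other.example.com"] + ENTRIES[1:]
    bad_sth = (4, merkle_root(rewritten))
    caught = not log_behaves(rewritten, OLD_STH, bad_sth)
    # An interest-only watcher still gets its results and sees nothing wrong.
    seen = len(certs_of_interest(rewritten))
    return honest, caught, seen

if __name__ == "__main__":
    print(demo())
```

Only the first role notices the rewritten entry; the interest-only pass returns all four entries either way.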