Re: [Trans] [EXT] CT Log Costs and Incentives

Tarah Wheeler <Tarah_Wheeler@symantec.com> Thu, 23 March 2017 16:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/plxXkDy4ooeTl8jTZ6fiIFiOH-g>

What are the financial incentives of the non-opaque log operators? I
mistrust altruism as regards incentive for long-term stability. Is log
operation a loss leader for orgs that provide other, more profitable
services?

-- 
Tarah M. Wheeler

On 3/23/17, 10:07 AM, "Trans on behalf of Steve Matsumoto"
<trans-bounces@ietf.org on behalf of steve@stevematsumoto.net> wrote:

>Hi everyone,
>
>I've been thinking lately about the incentives that certificate logs
>have for operating, and would like to start a discussion centered around
>the costs and incentives for certificate log operators.
>
>It seems to me that CT relies on the altruism of log operators. As far
>as I know, logs don't receive any sort of compensation for operating,
>and of the current known and included logs listed on the CT site [1], 4
>are run by Google and 5 are run by CAs (Symantec, WoSign/StartSSL, and
>CNNIC) that had some sort of security incident in the past and had to
>implement CT as a result [2-4]. So besides the fact that CT will be
>required in October, what incentives are there to run a certificate log?
>Are there any plans to add incentives for logs to operate?
>
>Complementary to the above question is whether or not the incentives
>that log operators have outweigh the cost of running a log. I estimate
>that the storage cost of the certificate entries for the largest log
>(Google Pilot) is on the order of several hundred gigabytes, and that
>the cost of reliability, staff, etc. is quite expensive. But if there
>are any log operators who can comment more on this, that would be great.
>
>Moreover, as far as I know, CT also relies on the altruism of log
>monitors. Logs currently don't offer a way to retrieve entries by domain
>name, so it's difficult for a domain to query the logs for its own
>certificates (some of which may be rogue). Moreover, proving that a
>certificate is not in a log requires checking the entire tree.
>Therefore, CT needs monitors who periodically retrieve all newly-logged
>certificates and check for suspicious certificates, and it's not
>entirely clear how monitors decide whether a certificate is suspicious.
>What are the incentives for these monitors?
>
>Given that the number of logs is small and will probably be limited by
>Google (partially because monitoring becomes difficult otherwise), are
>there any plans to incentivize the "best" logs, i.e., those that keep
>the most certificates or have the highest uptime? Is incentivizing logs
>in this way something that we should do?
>
>I'd be very interested in getting feedback from everyone, particularly
>log operators and monitors, about this.
>
>-Steve
>
>[1] https://www.certificate-transparency.org/known-logs
>[2] https://security.googleblog.com/2015/03/maintaining-digital-certificate-security.html
>[3] https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html
>[4] https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
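An added example, not part of this thread, illustrating the asymmetry Steve's quoted post points to with the RFC 6962 Merkle tree hash: a log can hand out an inclusion proof for one known entry that is checked in O(log n) hashes, but a monitor looking for (or ruling out) a certificate for a domain has to read every leaf, because logs cannot be queried by name. The `LOG` entries are constructed "domain|serial" placeholder strings standing in for real logged certificates.

```python
import hashlib

# RFC 6962 section 2.1: leaf and interior-node hashes are domain-separated.
def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def merkle_tree_hash(leaves: list) -> bytes:
    """MTH(D[n]): the root hash a log signs in its Signed Tree Head."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(leaves[0])
    k = 1 << ((n - 1).bit_length() - 1)  # largest power of two strictly below n
    return node_hash(merkle_tree_hash(leaves[:k]), merkle_tree_hash(leaves[k:]))

def inclusion_proof(leaves: list, m: int) -> list:
    """PATH(m, D[n]): the sibling hashes a log serves for one known entry."""
    n = len(leaves)
    if n <= 1:
        return []
    k = 1 << ((n - 1).bit_length() - 1)
    if m < k:
        return inclusion_proof(leaves[:k], m) + [merkle_tree_hash(leaves[k:])]
    return inclusion_proof(leaves[k:], m - k) + [merkle_tree_hash(leaves[:k])]

def verify_inclusion(entry: bytes, index: int, tree_size: int, proof: list, root: bytes) -> bool:
    """Bottom-up audit-path check: O(log n) hashes, no tree download needed."""
    fn, sn, r = index, tree_size - 1, leaf_hash(entry)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while not (fn & 1) and fn != 0:  # rightmost node: skip levels where it has no sibling
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

def scan_for_domain(leaves: list, domain: bytes) -> list:
    """What a monitor must do: read every leaf, since logs cannot be queried by name."""
    return [i for i, e in enumerate(leaves) if e.split(b"|")[0] == domain]

# Constructed placeholder entries ("domain|serial") standing in for logged certificates.
LOG = [b"example.com|1", b"example.net|2", b"example.com|3", b"example.org|4", b"example.com|5"]
```

Against a real log, `inclusion_proof` corresponds to what `get-proof-by-hash` returns and `scan_for_domain` to paging through `get-entries` and parsing each certificate's names.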