Re: [Trans] Ticket 170
Linus Nordberg <linus@sunet.se> Wed, 10 May 2017 12:51 UTC
Return-Path: <linus@sunet.se>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 771C9128CFF for <trans@ietfa.amsl.com>; Wed, 10 May 2017 05:51:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.802
X-Spam-Level:
X-Spam-Status: No, score=-2.802 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nL0MRIjGN3Pa for <trans@ietfa.amsl.com>; Wed, 10 May 2017 05:51:05 -0700 (PDT)
Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC1A5129447 for <trans@ietf.org>; Wed, 10 May 2017 05:51:04 -0700 (PDT)
Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id v4ACp1cV017955 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 10 May 2017 14:51:01 +0200
Received: from flogsta (smtp.adb-centralen.se [IPv6:2001:6b0:8::129]) (authenticated bits=0) by smtp1.nordu.net (8.14.7/8.14.7) with ESMTP id v4ACovZ0018726 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 10 May 2017 12:51:00 GMT
From: Linus Nordberg <linus@sunet.se>
To: Eran Messeri <eranm@google.com>
Cc: trans@ietf.org
Organization: Sunet
References: <4058f163-97f9-2ba3-8730-f2f2e0b0bb5d@gmail.com> <20170509113826.69c9822ecca8b7ba833df719@andrewayer.name> <319e0da7-2daa-e6eb-140a-17a9eb51d7cf@gmail.com> <CALzYgEf=xsVWm0OXMhCGnuybW3ce_9GW6VASFv2+VEt=nCy2Gg@mail.gmail.com>
Date: Wed, 10 May 2017 14:51:05 +0200
In-Reply-To: <CALzYgEf=xsVWm0OXMhCGnuybW3ce_9GW6VASFv2+VEt=nCy2Gg@mail.gmail.com> (Eran Messeri's message of "Wed, 10 May 2017 11:44:14 +0100")
Message-ID: <87k25ozxhi.fsf@nordberg.se>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: CanIt (www . roaringpenguin . com)
X-Scanned-By: MIMEDefang 2.74
X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, outbound-nordu-net:default, nordu-net:default, base:default, @@RPTN)
X-p0f-Info: os=unknown unknown, link=Ethernet or modem
X-CanIt-Geo: ip=2001:6b0:8::129; country=SE; latitude=59.3247; longitude=18.0560; http://maps.google.com/maps?q=59.3247,18.0560&z=6
X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default)
X-Canit-Stats-ID: 0aTiAP1qa - b343ab6f67b3 - 20170510
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Received-SPF: neutral (e-mailfilter02.sunet.se: 2001:6b0:8::129 is neither permitted nor denied by domain linus@sunet.se) receiver=e-mailfilter02.sunet.se; client-ip=2001:6b0:8::129; envelope-from=<linus@sunet.se>; helo=smtp1.nordu.net; identity=mailfrom
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/slDhAuH3WW1AvX9wManfViWe4fg>
Subject: Re: [Trans] Ticket 170
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 May 2017 12:51:08 -0000
Eran Messeri <eranm@google.com> wrote Wed, 10 May 2017 11:44:14 +0100: > However, compromise of any of those security domains (either in the form of > stealing key material or compelling signing of arbitrary SCTs / STHs) would > create a breach of compliance with the Merkle Tree properties required in > 6962-bis: > * If a rogue SCT is issued, it will fail auditing - the log will not be > able to produce an inclusion proof to any STH. > * If a rogue STH is issued, it will fail consistency checking - the log > will not be able to produce a consistency proof to other STHs. > * If a rogue SCT and STH are issued, then the rogue STH will fail > consistency checking. > > Both kinds of failure are equally bad as far as 6962-bis is concerned: > Because of the tight coupling between SCT and STH signatures, I don't see > the value of using a separate key for each. I've so far been thinking of a misissued SCT as a less severe breach of log compliance. SCT's are silly creatures anyway and we'll have to dispose of them ASAP, aight? That's probably not correct. An adversary who can continously produce SCT's wouldn't even have trouble fooling TLS clients which refused to accept an SCT with a timestamp older than now() - MMD. Which leaves us with an even smaller class of attacks. I withdraw my support for separate keys for signing SCT's and STH's and will update #170 to reflect this. Thanks for your patience.
- Re: [Trans] Ticket 170 Andrew Ayer
- [Trans] Ticket 170 Melinda Shore
- Re: [Trans] Ticket 170 Melinda Shore
- Re: [Trans] Ticket 170 Eran Messeri
- Re: [Trans] Ticket 170 Linus Nordberg
- Re: [Trans] Ticket 170 Melinda Shore