Re: [Trans] Future work

Ben Laurie <benl@google.com> Thu, 17 August 2017 09:33 UTC

In-Reply-To: <20170816130921.01d50cfec40efb33ab4f0618@andrewayer.name>
References: <2a482e03-7ac9-d5e3-9d69-7694daf1265b@gmail.com> <20170816130921.01d50cfec40efb33ab4f0618@andrewayer.name>
From: Ben Laurie <benl@google.com>
Date: Thu, 17 Aug 2017 10:32:56 +0100
Message-ID: <CABrd9SQYWYSxd4hUyRrqCpqJ20sHOUdULpQ0q+qkqCFa_sEVsw@mail.gmail.com>
To: Andrew Ayer <agwa@andrewayer.name>
Cc: Melinda Shore <melinda.shore@gmail.com>, "trans@ietf.org" <trans@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/tmD1eIzA_D0hMDcAfHMoQFOIACs>
Subject: Re: [Trans] Future work

On 16 August 2017 at 21:09, Andrew Ayer <agwa@andrewayer.name> wrote:

> On Wed, 16 Aug 2017 11:25:20 -0800
> Melinda Shore <melinda.shore@gmail.com> wrote:
>
> > Hi, all:
> >
> > With our major deliverable now pushed out towards IETF
> > last call, it's time to start considering whether or not
> > there's additional work to do, or if we're done.  As
> > we've talked about before, we know that there's at least
> > some interest in:
> >
> > . a client behavior document
> > . logging DNSSEC records
> > . logging binaries
>
> I've also seen interest expressed on the mailing list for:
>
> * A monitor API
>

Since we now know how to build verifiable monitors, perhaps that is part of
an API?


> * A strict version of CT
>

What do you mean by this?


>
> > Plus, I'm somewhat concerned about lack of gossip implementation
> > and deployment, and it's worth considering whether that's because
> > of lack of interest or because people running logs don't think
> > that what's in the gossip spec is suitable for their needs.
>
> Note that logs don't participate in gossip, so your question is one
> for TLS clients and monitors/auditors.
>
> The biggest problem is that the gossip spec only works with CTv2,
> and there are no CTv2 logs in existence, let alone implementations.
>
> Nevertheless, there's a fairly obvious and minor modification to make
> STH pollination work with CTv1, and I know of 7 different
> monitor/auditor implementations which are using this variation of the
> spec to exchange STHs from publicly-trusted CTv1 logs.
>
> That said, I know of no implementations of SCT feedback, nor of any plans
> by TLS clients to implement any part of gossip.
>

IMO "gossipless gossip", i.e. cross-logging of STHs, is the way to go.


>
> Regards,
> Andrew
>
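The STH pollination and cross-logging discussed in this thread only help a monitor if it actually checks that a newer STH extends an older one for the same log. Added example, not code from the thread or from any CT implementation: RFC 6962 Merkle hashing, the consistency proof a log would serve, and the RFC 9162 section 2.1.4.2 verification a monitor runs on two STHs; leaf data and tree sizes are constructed.

```python
import hashlib

def _leaf(data):                    # RFC 6962 leaf hash: 0x00 prefix
    return hashlib.sha256(b"\x00" + data).digest()

def _node(left, right):             # RFC 6962 interior node: 0x01 prefix
    return hashlib.sha256(b"\x01" + left + right).digest()

def mth(leaves):
    """Merkle Tree Hash over raw leaf inputs (RFC 6962 section 2.1)."""
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return _leaf(leaves[0])
    k = 1 << ((len(leaves) - 1).bit_length() - 1)   # largest power of 2 < n
    return _node(mth(leaves[:k]), mth(leaves[k:]))

def consistency_proof(leaves, m, n):
    """PROOF(m, D[n]) as a log serves it (RFC 6962 section 2.1.2, 0 < m <= n)."""
    def sub(m, d, complete):
        if m == len(d):
            return [] if complete else [mth(d)]
        k = 1 << ((len(d) - 1).bit_length() - 1)
        if m <= k:
            return sub(m, d[:k], complete) + [mth(d[k:])]
        return sub(m - k, d[k:], False) + [mth(d[:k])]
    return sub(m, leaves[:n], True)

def verify_consistency(first, second, first_root, second_root, proof):
    """Monitor check that STH (second, second_root) extends (first, first_root); RFC 9162 2.1.4.2."""
    if first == second:
        return not proof and first_root == second_root
    if first == 0 or first > second or not proof:
        return False
    path = ([first_root] if (first & (first - 1)) == 0 else []) + list(proof)
    fn, sn = first - 1, second - 1
    while fn & 1:                      # shift out the shared low bits
        fn, sn = fn >> 1, sn >> 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:         # c is a left sibling in both trees
            fr, sr = _node(c, fr), _node(c, sr)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:                          # c only extends the newer tree
            sr = _node(sr, c)
        fn, sn = fn >> 1, sn >> 1
    return fr == first_root and sr == second_root and sn == 0
```

A monitor holding two pollinated STHs for one log fetches the proof from the log's get-sth-consistency endpoint and runs verify_consistency on it; a False result means the log has presented a split view and is the event worth alerting on.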