Re: [Trans] [saag] draft-iab-crypto-alg-agility-00

Ben Laurie <benl@google.com> Tue, 08 April 2014 14:21 UTC

To: "Salz, Rich" <rsalz@akamai.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/uT690CJEQUuEg8dg5MirOjCzQsE
Cc: "trans@ietf.org" <trans@ietf.org>, Ben Laurie <ben@links.org>, "saag@ietf.org" <saag@ietf.org>

On 8 April 2014 15:18, Salz, Rich <rsalz@akamai.com> wrote:
>> > I do not understand why metadata is more secure than the data itself.
>
>> It is created by a different authority.
>
> ?  Is this in the part of the RFC that is still TBD?

The RFC describes how logs work and how clients work. It does not
describe how clients decide what logs they are prepared to accept. I
am not sure it should.

But whoever does also decides whether the algorithms in use by the
logs are acceptable and tells the client what those algorithms are
(along with other things, like the log's key, base URL and MMD).

-- 
Certificate Transparency is hiring! Let me know if you're interested.
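As an added illustration of the point above (not code from the thread or from any CT project): the party that ships a client's list of accepted logs also fixes, per log, the key, base URL, MMD and the hash/signature algorithms. The check below parses an RFC 6962 v1 SCT and rejects it when its log ID or its algorithm code points disagree with that list. The list layout and all key and URL values are constructed for this example.

```python
import hashlib
import struct

SHA256, ECDSA = 4, 3  # TLS 1.2 SignatureAndHashAlgorithm code points (RFC 5246)

# Constructed placeholder, not a real DER SubjectPublicKeyInfo.
EXAMPLE_SPKI = b"constructed-not-a-real-DER-SubjectPublicKeyInfo"

# Assumed list format: what the client's policy authority vouches for per log.
TRUSTED_LOGS = [{
    "base_url": "https://ct.example.test/",  # constructed
    "public_key": EXAMPLE_SPKI,
    "mmd_seconds": 86400,
    "hash_alg": SHA256,
    "sig_alg": ECDSA,
}]

def log_id(spki_der: bytes) -> bytes:
    """RFC 6962 s3.2: LogID is SHA-256 over the log's DER-encoded SPKI."""
    return hashlib.sha256(spki_der).digest()

def parse_sct(sct: bytes) -> dict:
    """Parse a serialized v1 SignedCertificateTimestamp (RFC 6962 s3.2)."""
    if len(sct) < 43 or sct[0] != 0:
        raise ValueError("not a v1 SCT or too short")
    lid = sct[1:33]
    (ts,) = struct.unpack(">Q", sct[33:41])
    (ext_len,) = struct.unpack(">H", sct[41:43])
    pos = 43 + ext_len                      # start of DigitallySigned
    if len(sct) < pos + 4:
        raise ValueError("SCT truncated before DigitallySigned")
    hash_alg, sig_alg = sct[pos], sct[pos + 1]
    (sig_len,) = struct.unpack(">H", sct[pos + 2:pos + 4])
    sig = sct[pos + 4:pos + 4 + sig_len]
    if len(sig) != sig_len:
        raise ValueError("SCT signature truncated")
    return {"log_id": lid, "timestamp_ms": ts, "hash_alg": hash_alg,
            "sig_alg": sig_alg, "signature": sig}

def check_sct_metadata(sct: bytes, logs=TRUSTED_LOGS):
    """Return (accepted, reason). Checks only list-derived metadata; the
    signature must still be verified with the listed key afterwards."""
    s = parse_sct(sct)
    entry = next((e for e in logs if log_id(e["public_key"]) == s["log_id"]), None)
    if entry is None:
        return False, "log not in client's accepted list"
    if (s["hash_alg"], s["sig_alg"]) != (entry["hash_alg"], entry["sig_alg"]):
        return False, "algorithms differ from those the list vouches for"
    deadline_ms = s["timestamp_ms"] + entry["mmd_seconds"] * 1000
    return True, "accepted; expect inclusion by %d via %s" % (deadline_ms, entry["base_url"])

def build_sct(lid, ts_ms, hash_alg, sig_alg, sig=b"\x00" * 8):
    """Serialize a constructed SCT (dummy signature) for testing."""
    return (bytes([0]) + lid + struct.pack(">Q", ts_ms) + b"\x00\x00"
            + bytes([hash_alg, sig_alg]) + struct.pack(">H", len(sig)) + sig)
```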