Re: [Trans] Gossiping in CT

Love Hörnquist Åstrand <lha@kth.se> Sat, 27 September 2014 18:25 UTC

Return-Path: <lha@kth.se>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29C1B1A0211 for <trans@ietfa.amsl.com>; Sat, 27 Sep 2014 11:25:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.563
X-Spam-Level:
X-Spam-Status: No, score=0.563 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 67iy3BRhL-d7 for <trans@ietfa.amsl.com>; Sat, 27 Sep 2014 11:25:02 -0700 (PDT)
Received: from smtp-4.sys.kth.se (smtp-4.sys.kth.se [IPv6:2001:6b0:1:1300:250:56ff:fea6:2de3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C01371A0177 for <trans@ietf.org>; Sat, 27 Sep 2014 11:25:00 -0700 (PDT)
Received: from smtp-4.sys.kth.se (localhost.localdomain [127.0.0.1]) by smtp-4.sys.kth.se (Postfix) with ESMTP id 95B5F1D61; Sat, 27 Sep 2014 20:24:58 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at kth.se
Received: from smtp-4.sys.kth.se ([127.0.0.1]) by smtp-4.sys.kth.se (smtp-4.sys.kth.se [127.0.0.1]) (amavisd-new, port 10024) with LMTP id dw9kGxUuMxx2; Sat, 27 Sep 2014 20:24:50 +0200 (CEST)
Received: from EXHUB1.ug.kth.se (exhub1.ug.kth.se [130.237.32.134]) by smtp-4.sys.kth.se (Postfix) with ESMTPS id 9ACF7C89; Sat, 27 Sep 2014 20:24:40 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kth.se; s=default; t=1411842290; bh=XVZGhys7MI+29x0aWiOtHN6Xkl++eut06R5WrhcJkGs=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=BviFy/NJEcRiYYq0C69FLf3InPlMg1UmUCO+4hNHzLkgrlxJ20ydxozsYckCxlZGJ BjRIdZBLpb+BOukiEhdLY0MvyjOA2Qobg90jPL2BxS0TDc7DLot6gjG9SqngKUDxxT H/5+pIjImK6z68FiLAT/QV8ebIjLwkqMr5iwyak4=
Received: from EXDB1.ug.kth.se ([169.254.1.81]) by EXHUB1.ug.kth.se ([130.237.32.134]) with mapi id 14.03.0181.006; Sat, 27 Sep 2014 20:23:03 +0200
From: =?iso-8859-1?Q?Love_H=F6rnquist_=C5strand?= <lha@kth.se>
To: Tao Effect <contact@taoeffect.com>
Thread-Topic: [Trans] Gossiping in CT
Thread-Index: AQHP2lfmERNm1Zg/Kku+1GEoYDckLJwVFfYAgAA1f6E=
Date: Sat, 27 Sep 2014 18:23:02 +0000
Message-ID: <E441364F-D860-4E7A-823B-6227DBB180B7@kth.se>
References: <878ul5tcby.fsf@nordberg.se>, <BC424D29-F537-4F98-93C8-A6D35E98B9DA@taoeffect.com>
In-Reply-To: <BC424D29-F537-4F98-93C8-A6D35E98B9DA@taoeffect.com>
Accept-Language: sv-SE, en-US
Content-Language: sv-SE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/u_XMOAqkd934iQ4wq9sY8R_-tcg
Cc: "trans@ietf.org" <trans@ietf.org>, Linus Nordberg <linus@nordu.net>
Subject: Re: [Trans] Gossiping in CT
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Sep 2014 18:25:05 -0000

> 27 sep 2014 kl. 19:11 skrev Tao Effect <contact@taoeffect.com>om>:
> 
> Thanks for starting this thread on Gossip!
> 
>> It's been suggested that web browsers should use TLS connections to web
>> servers for gossiping. One argument for that is that this makes the
>> attack of blocking the gossiping messages hard to get away with without
>> people noticing because it means blocking TLS to all servers
>> participating.
> 
> 
> I just want to point out that successful gossip does not protect clients against MITM from mis-issued certificates. It also does not detect mis-issued certificates.
> 
> The selective partitioning of a log is one attack, but the standard attack that we have today, which doesn't require partitioning of a log, is not detected by CT's gossip as elaborated on in the "Threat model outline, attack model" thread, here (and in followup replies):

- the CA is sloppy/forced to issue the cert to the attacker
- cert is injected into log
- cert have SCT
- client check the SCT with the logs the clients trust, like one the is not under the same control as the CA
- any other SCT in the cert is ignored by the client since they are not trusted.
- MITM happened
- Auditor finds the fraudulent issued cert
- public out roar 
- ca falls out from the public trust
- second ca will now refuse the attacker since they know the cost (loss of company)


Gossip is about not trusting log owners to keep them honest and unrelated to your attack.

until you have namecoin working and enabled on all running all TLS clients and servers, I find CT is a acceptable compromise.

Love