Re: [Trans] Review of draft-ietf-trans-threat-analysis-15
Ryan Sleevi <ryan-ietf@sleevi.com> Wed, 19 September 2018 15:01 UTC
Return-Path: <ryan-ietf@sleevi.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72C0E130E1B for <trans@ietfa.amsl.com>; Wed, 19 Sep 2018 08:01:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sleevi.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ta2B1eslzgdc for <trans@ietfa.amsl.com>; Wed, 19 Sep 2018 08:01:49 -0700 (PDT)
Received: from pdx1-sub0-mail-a2.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C77C13104C for <trans@ietf.org>; Wed, 19 Sep 2018 08:01:47 -0700 (PDT)
Received: from pdx1-sub0-mail-a2.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a2.g.dreamhost.com (Postfix) with ESMTP id 5B2AC81476 for <trans@ietf.org>; Wed, 19 Sep 2018 08:01:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=sleevi.com; bh=r0xlEZQiQnNjp65eg/2xVCzN1yA=; b= gQQ8N3uM5OH6Rui6b/pdV7CD+mUn5QNPPOk+/Apt/91uFAokO4GcnSDi8CCruiB4 UUd/+mSm4Ea+H+Q9K/Abl9Sf+xNYznpLdN0exjRUwfAsDInywVwlbfTXXMq7jSwV 5trw9wgR0QWGR7edt6Rg5E1bWGeiFmW6Rr6TtIwYJMM=
Received: from mail-it0-f46.google.com (mail-it0-f46.google.com [209.85.214.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ryan@sleevi.com) by pdx1-sub0-mail-a2.g.dreamhost.com (Postfix) with ESMTPSA id 47E5280503 for <trans@ietf.org>; Wed, 19 Sep 2018 08:01:44 -0700 (PDT)
Received: by mail-it0-f46.google.com with SMTP id 139-v6so8149158itf.0 for <trans@ietf.org>; Wed, 19 Sep 2018 08:01:44 -0700 (PDT)
X-Gm-Message-State: APzg51AguLkbB/oDKIcEiuUv3MEKcyxazFLFoRTpiho3zHyKUU2F35ue RCPDhx1czq/2Jv44Iriqb3p94FPXg92WRd1hWVk=
X-Google-Smtp-Source: ANB0VdbfPlPr8UbuFCHVhLYrf2qFU+Gj6kOGMnWx4YbxPEZXmYKcXIA619Hf7CKCRVNGYYNRZeuy69GpfQ2TXzKqkvk=
X-Received: by 2002:a24:328d:: with SMTP id j135-v6mr21485114ita.5.1537369303663; Wed, 19 Sep 2018 08:01:43 -0700 (PDT)
MIME-Version: 1.0
References: <CAErg=HFGQYaSbm=bQ+_cX4_PtksGGvqQRUGhnyNH2qDSn7haBQ@mail.gmail.com> <1f22b6e2-b163-565b-e933-4259800f2c2c@gmail.com>
In-Reply-To: <1f22b6e2-b163-565b-e933-4259800f2c2c@gmail.com>
X-DH-BACKEND: pdx1-sub0-mail-a2
X-DH-BACKEND: pdx1-sub0-mail-a2
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Wed, 19 Sep 2018 11:01:31 -0400
X-Gmail-Original-Message-ID: <CAErg=HFicPFOsVWvZGj6nx0MPKt60P+48aiPdYO9wFnqpuSCig@mail.gmail.com>
Message-ID: <CAErg=HFicPFOsVWvZGj6nx0MPKt60P+48aiPdYO9wFnqpuSCig@mail.gmail.com>
To: Melinda Shore <melinda.shore@gmail.com>
Cc: Trans <trans@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003bce4605763aaf44"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/yxH9j61SR9kWd1bhByPS6clbS9U>
Subject: Re: [Trans] Review of draft-ietf-trans-threat-analysis-15
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Sep 2018 15:01:51 -0000
On Wed, Sep 19, 2018 at 12:57 AM Melinda Shore <melinda.shore@gmail.com> wrote: > Ryan, thanks for the thorough review. One thing you did > not address, and I'm guessing that was deliberate, was whether > or not you felt that the effort needed to resolve the issues you > raise is a good investment - that is to say, will lead to a > useful document. > I think it's very useful to have a document like this, and even with the issues noted, I'm hugely appreciative of Stephen putting in this work to capture the state so far. I worry that the structural issues potentially mean a large amount of effort to resolve - the prose itself rests on that hierarchy and structure, and thus even if all the attacks remain the same, the amount of prose change to accommodate that is rather large. At the same time, I'm not sure I see a good way to resolve some of the issues that result from the current layout. The same concern applies to the discussion about syntax violations and Logs checking. A significant amount of text is dedicated to the discussion of possible remediations, and to find consensus on that seems like it will be a large effort. Other elements are hopefully more minor to address, and largely involve removing text - speculating about motivations or speaking in absolutes as to solutions are both examples of text that can be largely removed without impacting the section or the overall document too negatively. At the end of the day, it sets out to do what it says on the tin - it provides /an/ attack model for CT. It's a model with issues, as would be expected of most models, and while I don't think it reflects the model that either 6962 or 6962-bis have been considering, it definitely captures some of the attacks. That it misses attacks that are of great concern to CAs and Log Operators is most unfortunate, but an understandable result of the fact that both the policy discussions and the deployment scenarios have been and are largely outside of the IETF. I may have missed some emails Rich has seen, but I've seen major issues raised during each WGLC that's been attempted that have required substantial changes. At the end of the day, we have to ship it, or not. I lean towards not, and though it's an incredibly valuable and appreciated start, I don't think it gives a sufficient picture of considerations for potential CT-aware clients, Monitors, Logs, or CAs, even if it has some of the necessary bits.
- [Trans] Review of draft-ietf-trans-threat-analysi… Ryan Sleevi
- Re: [Trans] Review of draft-ietf-trans-threat-ana… Melinda Shore
- Re: [Trans] Review of draft-ietf-trans-threat-ana… Salz, Rich
- Re: [Trans] Review of draft-ietf-trans-threat-ana… Ryan Sleevi
- Re: [Trans] Review of draft-ietf-trans-threat-ana… Stephen Kent