Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior

Ben Laurie <benl@google.com> Fri, 23 October 2015 09:27 UTC

From: Ben Laurie <benl@google.com>
Date: Fri, 23 Oct 2015 09:26:59 +0000
Message-ID: <CABrd9SRtrv9rV+sOCVEzG9iAw67UGgX2u-Gztfjg_A7bKk78Gg@mail.gmail.com>
To: Tom Ritter <tom@ritter.vg>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/zVGxql2vMzUg_HHitQ_ESudqllk>
Cc: Katriel Cohn-Gordon <me@katriel.co.uk>, Robin Wilton <wilton@isoc.org>, Eran Messeri <eranm@google.com>, "trans@ietf.org" <trans@ietf.org>, Linus Nordberg <linus@nordu.net>
Subject: Re: [Trans] Gossip: Unsticking a client caught with potential evidence of log misbehavior

On Fri, 23 Oct 2015 at 06:12 Tom Ritter <tom@ritter.vg> wrote:

> On 22 October 2015 at 05:25, Ben Laurie <benl@google.com> wrote:
> > On Thu, 22 Oct 2015 at 03:16 Tom Ritter <tom@ritter.vg> wrote:
> >>
> >> I can't
> >> think of a way you receive (non-maliciously) an older-than-three-week
> >> STH.
> >
> > You can end up with one if you receive a fresh one and then go to sleep
> > for 4 weeks...
>
> That's true. It seems different from the client receiving a 4-week old
> STH via the network though.
>
> If you start up and have a 4-week old STH in your store - you can
> presume that you received it when it was fresh. And if you cannot
> resolve with a consistency proof - it seems 'safer' to me in some way.
> If you receive a 4-week old STH from a site, I might assume they're
> trying to load me with a tracking STH.
>
> But in general we're back in the bucket of "What do I do with this."
> Do we share it with websites via STH Pollination even though it can
> enable very reliable cross-origin linkage?  I don't think we can,
> because (besides the privacy issue) we don't want to require the
> website to resolve consistency proofs nor do we want the website to
> give 4-week old STHs to other clients.  Do we share it with an
> auditor-of-last-resort (after failing to resolve a consistency proof),
> thinking that the privacy implications of a STH are much lesser than
> the near-certainty of cross-origin linkage?
>

The problem with discarding old STHs is it makes an attacker's job easier:
now they only have to isolate their victim until the STH expiry age, and
all evidence is gone.



>
> -tom
>
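
The distinction discussed in this thread, as an added example that is not part of the original messages or of any CT client: a client STH store that treats an STH that is already stale when it arrives differently from one that aged while stored, and that does not expire an old STH until a consistency proof has resolved it. The class and function names, the rejection policy on intake and the timestamps are assumptions made for illustration; only the three-week age comes from the thread.

```python
from dataclasses import dataclass, field

WEEK = 7 * 24 * 3600
MAX_AGE = 3 * WEEK  # the three-week age mentioned in the thread


@dataclass
class StoredSTH:
    log_id: str
    tree_size: int
    timestamp: int          # when the log signed the STH (seconds)
    received_at: int        # local time the client first saw it
    resolved: bool = False  # set once a consistency proof links it to a newer STH


@dataclass
class STHStore:
    entries: list = field(default_factory=list)

    def accept(self, log_id, tree_size, timestamp, now):
        """Network intake: an STH already past MAX_AGE on arrival is refused
        (assumed policy, following the 'tracking STH' concern)."""
        if now - timestamp > MAX_AGE:
            return "rejected-stale-on-arrival"
        self.entries.append(StoredSTH(log_id, tree_size, timestamp, now))
        return "stored"

    def mark_resolved(self, log_id, tree_size):
        """Record that a consistency proof for this STH verified."""
        for e in self.entries:
            if (e.log_id, e.tree_size) == (log_id, tree_size):
                e.resolved = True

    def sweep(self, now):
        """Drop only STHs that are old AND resolved. Old, unresolved STHs were
        fresh when received and may be evidence, so they are retained."""
        kept, dropped, pending = [], [], []
        for e in self.entries:
            if now - e.timestamp <= MAX_AGE:
                kept.append(e)
            elif e.resolved:
                dropped.append(e)
            else:
                kept.append(e)
                pending.append(e)
        self.entries = kept
        return dropped, pending
```

What the client then does with the `pending` entries is the open question the thread is debating; the sketch only ensures they survive the expiry sweep.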