Re: [Trans] changes to attack analysis
Stephen Kent <kent@bbn.com> Fri, 06 March 2015 16:16 UTC
Return-Path: <kent@bbn.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC8B31A03AB for <trans@ietfa.amsl.com>; Fri, 6 Mar 2015 08:16:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.01
X-Spam-Level:
X-Spam-Status: No, score=-1.01 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, MIME_BAD_LINEBREAK=0.5, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8AXwkHiBRx8Z for <trans@ietfa.amsl.com>; Fri, 6 Mar 2015 08:16:38 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1855E1ACF54 for <trans@ietf.org>; Fri, 6 Mar 2015 08:12:45 -0800 (PST)
Received: from ssh.bbn.com ([192.1.122.15]:39903 helo=COMSEC.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1YTurj-0000fy-OO; Fri, 06 Mar 2015 11:12:44 -0500
Message-ID: <54F9D1FB.20908@bbn.com>
Date: Fri, 06 Mar 2015 11:12:43 -0500
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Ben Laurie <benl@google.com>, "trans@ietf.org" <trans@ietf.org>
References: <54F61F94.3000907@bbn.com> <CABrd9SQztue0zCApMs1dgF=PfDxLZY2SFz4reXmuBHssjFMDEg@mail.gmail.com>
In-Reply-To: <CABrd9SQztue0zCApMs1dgF=PfDxLZY2SFz4reXmuBHssjFMDEg@mail.gmail.com>
Content-Type: multipart/mixed; boundary="------------030302080308040501040307"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/9kqYYHKQaEt0FJLPCeVGb9X113c>
Subject: Re: [Trans] changes to attack analysis
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Mar 2015 16:16:42 -0000
Ben,
Happy to oblige. The revised text is attached.
As for your comments:
I still don't really understand this point: the log has no power to
check syntax that is not also available to a client,
In principle that's true, but in practice we have seen many instances
where client software
fails to perform checks established by standards. Thus logs represent an
opportunity to
do a better job (since they are new code) and perhaps help save clients
from bad code.
so I don't see how the log checking/not checking syntax is
interesting - a malicious CA presumably cannot know what all clients
will do? Because of this, I also still do not see the real value of
logs checking syntax - I am not fundamentally against it, but it
doesn't seem to me to add much.
A malicious CA can determine (via testing) which clients, by browser
type and version,
fail to perform certain syntactic checks. If the CA is creating a bogus
cert with a
particular set of clients in mind, this may suffice.
It is not clear to me that gossip has to be mandatory. So long as
some fraction of participants gossip, then clients are protected
from non-targeted attacks. Obviously this does not remove the need
to specify gossip, which is clearly required for CT to fully realise
its potential.
Remember that IETF standards almost always specify mandatory to
implement (MTI) features, not
mandatory to use (MTU) features. I believe your comment above supports
my argument that gossip needs
to be MTI, but not MTU.
Steve
- [Trans] changes to attack analysis Stephen Kent
- Re: [Trans] changes to attack analysis Ben Laurie
- Re: [Trans] changes to attack analysis Stephen Kent
- Re: [Trans] changes to attack analysis Ben Laurie
- Re: [Trans] changes to attack analysis Ben Laurie
- Re: [Trans] changes to attack analysis Eran Messeri
- Re: [Trans] changes to attack analysis Stephen Kent
- Re: [Trans] changes to attack analysis Rob Stradling
- Re: [Trans] changes to attack analysis Stephen Kent
- Re: [Trans] changes to attack analysis Stephen Kent