Re: [Trans] changes to attack analysis
Stephen Kent <kent@bbn.com> Fri, 06 March 2015 16:16 UTC
Message-ID: <54F9D1FB.20908@bbn.com>
Date: Fri, 06 Mar 2015 11:12:43 -0500
From: Stephen Kent <kent@bbn.com>
To: Ben Laurie <benl@google.com>, "trans@ietf.org" <trans@ietf.org>
References: <54F61F94.3000907@bbn.com> <CABrd9SQztue0zCApMs1dgF=PfDxLZY2SFz4reXmuBHssjFMDEg@mail.gmail.com>
In-Reply-To: <CABrd9SQztue0zCApMs1dgF=PfDxLZY2SFz4reXmuBHssjFMDEg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/9kqYYHKQaEt0FJLPCeVGb9X113c>
Ben,

Happy to oblige. The revised text is attached. As for your comments:

> I still don't really understand this point: the log has no power to check syntax that is not also available to a client,

In principle that's true, but in practice we have seen many instances where client software fails to perform checks established by standards. Thus logs represent an opportunity to do a better job (since they are new code) and perhaps help save clients from bad code.

> so I don't see how the log checking/not checking syntax is interesting - a malicious CA presumably cannot know what all clients will do? Because of this, I also still do not see the real value of logs checking syntax - I am not fundamentally against it, but it doesn't seem to me to add much.

A malicious CA can determine (via testing) which clients, by browser type and version, fail to perform certain syntactic checks. If the CA is creating a bogus cert with a particular set of clients in mind, this may suffice.

> It is not clear to me that gossip has to be mandatory. So long as some fraction of participants gossip, then clients are protected from non-targeted attacks. Obviously this does not remove the need to specify gossip, which is clearly required for CT to fully realise its potential.

Remember that IETF standards almost always specify mandatory to implement (MTI) features, not mandatory to use (MTU) features. I believe your comment above supports my argument that gossip needs to be MTI, but not MTU.

Steve
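As an added example (not from this thread or from any CT log implementation), the kind of log-side syntax check the message argues for: two RFC 5280 section 4.1.2 rules applied to the leading fields of a TBSCertificate, run over hand-constructed DER fragments rather than real certificates. The function names and the sample builder are assumptions of this example.

```python
from typing import List, Optional
# Added example, not code from the thread or from any CT log implementation.
# Rules checked (RFC 5280 section 4.1.2): version must be v3 (INTEGER 2); serialNumber
# must be a positive INTEGER of at most 20 octets in minimal DER form. Inputs are
# constructed DER fragments, not real certificates.

def read_tlv(buf: bytes, pos: int):
    """Return (tag, contents, next_pos) for the DER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def check_tbs_prefix(cert_der: bytes) -> List[str]:
    """Return the RFC 5280 syntax violations found in version and serialNumber."""
    problems = []
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        return ["certificate is not a SEQUENCE"]
    tag, tbs, _ = read_tlv(cert, 0)
    if tag != 0x30:
        return ["tbsCertificate is not a SEQUENCE"]
    tag, value, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                         # [0] EXPLICIT version is present
        vtag, version, _ = read_tlv(value, 0)
        if vtag != 0x02 or version != b"\x02":
            problems.append("version is not v3")
        tag, value, pos = read_tlv(tbs, pos)  # move on to serialNumber
    else:
        problems.append("version field absent (v1 certificate)")
    if tag != 0x02:
        return problems + ["serialNumber is not an INTEGER"]
    if value[0] & 0x80:
        problems.append("serialNumber is negative")
    elif value == b"\x00":
        problems.append("serialNumber is zero, not positive")
    if len(value) > 20:
        problems.append("serialNumber longer than 20 octets")
    if len(value) > 1 and value[0] == 0x00 and not value[1] & 0x80:
        problems.append("serialNumber INTEGER not minimally encoded")
    return problems

def sample_cert(serial: bytes, version: Optional[bytes] = b"\x02") -> bytes:
    """Constructed certificate DER prefix (short-form lengths only) for testing."""
    fields = b"" if version is None else b"\xa0\x03\x02\x01" + version
    fields += bytes([0x02, len(serial)]) + serial
    tbs = bytes([0x30, len(fields)]) + fields
    return bytes([0x30, len(tbs)]) + tbs
```

A negative or over-long serial is accepted by many clients but is still a standards violation a log can reject at submission time, independent of what any particular browser version does.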