On 12/11/2013 11:55 AM, Ben Laurie wrote:
> "Problem statement: many Internet protocols require a mapping between
> some kind of identifier and some kind of key, for example, HTTPS,
> SMTPS, IPSec, DNSSEC and OpenPGP.
>
> These protocols rely on either ad-hoc mappings, or on authorities
> which attest to the mappings.
>
> History shows that neither of these mechanisms is entirely
> satisfactory. Ad-hoc mappings are difficult to discover and maintain,
> and authorities make mistakes or are subverted.
>
> Cryptographically verifiable logs can help to ameliorate the problems
> by making it possible to discover and rectify errors before they can
> cause harm.
>
> These logs can also assist with other interesting problems, such as
> how to assure end users that software they are running is, indeed, the
> software they intend to run.
>
> Work items: Specify a standards-track mechanism to apply verifiable
> logs to HTTP/TLS (i.e. RFC 6962-bis).
>
> Discuss mechanisms and techniques that allow cryptographically
> verifiable logs to be deployed to improve the security of protocols
> and software distribution. Where such mechanisms appear sufficiently
> useful, the WG will re-charter to add relevant new work items."
I'm interested. I think this has strong potential for improved
authenticity on the 'net (and improved confidentiality follows from that).

However, I'm also concerned that cryptographically-verifiable global
logs create an enumeration concern for the space that they log. This is
similar in some ways to the issues raised around DNSSEC's NSEC (and not
particularly effectively addressed by NSEC3). Enumerability like this
is potentially a major table of metadata that could potentially be abused.

I'd appreciate it if any Transparency Working Group explicitly tries to
address concerns around enumerability.
Thanks for taking point on this, Ben.
Regards,
--dkg
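The enumerability concern in the message above, illustrated with an added Python example (not code from this thread, from RFC 6962, or from any Certificate Transparency implementation). It builds a minimal RFC 6962-style Merkle log of (identifier, key) bindings with inclusion proofs, then shows that the very interface an auditor needs to check the log (download every entry) also yields the complete list of logged identifiers. The `hide_identifiers` option is a hypothetical NSEC3-like tweak assumed here for comparison: it logs a hash of the identifier instead of the identifier, which stops listing but still lets anyone confirm a name they already guess. The sample entries are constructed, not real hosts or keys.

```python
import hashlib
from typing import List, Optional, Tuple

# Constructed sample bindings (identifier -> key); not real hosts or keys.
SAMPLE_ENTRIES: List[Tuple[str, str]] = [
    ("mail.example", "KEY-A"),
    ("www.example", "KEY-B"),
    ("internal-host.example", "KEY-C"),
]


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(identifier: str, key: str) -> bytes:
    # RFC 6962 domain separation: 0x00 prefix for leaves, 0x01 for inner nodes.
    return _h(b"\x00" + identifier.encode() + b"\x00" + key.encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def _split(n: int) -> int:
    # Largest power of two strictly less than n (the RFC 6962 tree split point).
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: List[bytes]) -> bytes:
    if not leaves:
        return _h(b"")
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_path(leaves: List[bytes], m: int) -> List[bytes]:
    # Sibling hashes from leaf m up to the root (RFC 6962 PATH(m, D[n])).
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if m < k:
        return inclusion_path(leaves[:k], m) + [merkle_root(leaves[k:])]
    return inclusion_path(leaves[k:], m - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, m: int, n: int, path: List[bytes], root: bytes) -> bool:
    # Rebuild the root from the leaf and its sibling path, mirroring inclusion_path.
    def rebuild(m: int, n: int, path: List[bytes]) -> Optional[bytes]:
        if n == 1:
            return leaf if not path else None
        if not path:
            return None
        k = _split(n)
        sibling = path[-1]
        if m < k:
            sub = rebuild(m, k, path[:-1])
            return None if sub is None else node_hash(sub, sibling)
        sub = rebuild(m - k, n - k, path[:-1])
        return None if sub is None else node_hash(sibling, sub)

    return 0 <= m < n and rebuild(m, n, path) == root


class TransparencyLog:
    """Append-only log of (identifier, key) bindings, fully published for audit.

    hide_identifiers is a hypothetical option (not in RFC 6962) that logs
    SHA-256(identifier) instead of the identifier, the way NSEC3 hashes names.
    """

    def __init__(self, hide_identifiers: bool = False) -> None:
        self.hide = hide_identifiers
        self._published: List[Tuple[str, str]] = []

    @staticmethod
    def _name(identifier: str, hide: bool) -> str:
        return hashlib.sha256(identifier.encode()).hexdigest() if hide else identifier

    def append(self, identifier: str, key: str) -> int:
        self._published.append((self._name(identifier, self.hide), key))
        return len(self._published) - 1

    def entries(self) -> List[Tuple[str, str]]:
        # Everything an auditor downloads to check the log is consistent.
        return list(self._published)

    def leaves(self) -> List[bytes]:
        return [leaf_hash(i, k) for i, k in self._published]

    def root(self) -> bytes:
        return merkle_root(self.leaves())

    def prove(self, index: int) -> List[bytes]:
        return inclusion_path(self.leaves(), index)


def enumerate_identifiers(log: TransparencyLog) -> List[str]:
    # The audit interface hands out every logged name: this is the enumeration concern.
    return sorted({i for i, _ in log.entries()})


def candidate_present(log: TransparencyLog, identifier: str) -> bool:
    # Hashed names cannot be listed, but any name an observer already guesses is
    # still confirmable, which is why NSEC3-style hashing is only a partial fix.
    name = TransparencyLog._name(identifier, log.hide)
    return any(i == name for i, _ in log.entries())


if __name__ == "__main__":
    log = TransparencyLog()
    for ident, key in SAMPLE_ENTRIES:
        log.append(ident, key)
    print("root:", log.root().hex())
    print("auditor sees:", enumerate_identifiers(log))
```

The inclusion proof is what an individual relying party checks; it reveals only the sibling hashes on one path. Full auditing (detecting misissuance, checking consistency) needs the whole entry list, and that list is the metadata table the message worries about. The hashed variant shows the NSEC3 analogy: the list turns into hashes, yet membership of any guessable name remains verifiable.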
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
