Dimitry,
Stephen,
thank you for the formal description of treat model.
But I think that the Auditors should be mentioned in it too. If I am
not mistaken, they are designed to watch the certificates with
suspicious properties (CA permissions, etc.).
So the treats which are to be avoided using the Auditors seems to be
missing.is case, the CT mechanisms have detected mis-issuance, but are
not able to remedy the problem. (See Note 4 below.)
In 6962-bis (-04) the definition of the Auditor function is:
Auditors take partial information about a log as input and verify
that this information is consistent with other partial information
they have.
This is way too vague to be meaningful. So, I agree that an Auditor
might be relevant
to the attack analysis, I didn't include it this time because there is
not a sufficiently
detailed description of its functions. The examples of what an Auditor
"can" do don't
mention checking cert content against a set of criteria. They focus on
detecting log
inconsistencies. So, maybe Auditors should be mentioned in the
discussion of detecting
log misbehavior.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
