All,
This is my first post on list ever, so be gentle :)

General: This is actually an attack model with an analysis of detection and consequence. Perhaps the name could be changed to reflect that.

General: 2.2’s outline should follow 2.1’s outline. Move ‘Malicious or conspiring third party Monitor’ to section 2.2.1.3 and remove it from 2.2.1.1.3 and 2.2.1.2.1. It may be complete either way, but it is more likely to look complete if it is symmetric.

General: Remove the references to the Notes in Sections 2 and 3. They will stand alone.

Section 2.1.1.1.1: Change to: “If a Subject is tracking the log(s) to which a certificate was submitted, and is performing self-monitoring, then it will be able to detect a bogus (pre-) certificate and request revocation. In this case, the CA will make use of the log entry, supplied by the Subject to determine the serial number of the mis-issued certificate, and investigate/revoke it.”

Section 2.1.1.1.1, 2.1.1.1.2, 2.2.1.1.1, 2.2.1.1.2: Make the “If there are many logs, it may not be feasible for a Subject to track all of them” a note in Section 4 (it is sort of Note 1 currently).

Section 2.1.1.1.2: Change this in a similar manner to 2.1.1.1.1, for the same reasons.

Section 2.1.1.2.2: How will gossiping detect this? The Log owner issues the SCT, but doesn’t actually put the certificate into the log. How is this detectable by gossiping? Not like an attacker is going to submit that certificate to multiple logs. He just wants the SCT.

Section 2.1.2: Does the 3rd party monitor have a role in the case where the certificate isn’t logged? Should that fact be stated? Perhaps a sentence to that effect in Section 2.1.2.3 would be in order?

Section 2.1.2.1: Either remove the last sentence in the parenthetical, or work it into the paragraph without the parenthetical.

Section 2.2.1.2: Add a section on Self-monitoring Subject and a section on benign third party Monitor.

Section 2.2.1.1.3 and 2.2.1.2.1: Combine these into Section 2.2.1.3 called malicious or conspiring third party monitor.

Section 3, Syntactic checks: We need to think about whether this makes sense. This paper gets much simpler w/out it. Currently not included in rfc6962bis.

Section 4, Notes: These are issues that will need to be addressed. I would make a more descriptive name and keep them numbered.

Section 4, Note 1: Make this two items. First: How are new logs discovered by monitors? Second: how does a subject know which logs the monitor is checking?

Deb Cooley
[email protected]
410-854-6888
