On 25 July 2015 at 05:26, Ben Laurie <[email protected]> wrote: > I'm pretty sure I didn't say that. Not that I am particularly opposed to it, > my position is simply that I am not sure what value it adds.
Sorry, I don't know where it came from then. And agreed. > BTW, I snipped all your comments about SCT gossip, but I do agree with your > characterisation of the recipient as some kind of Trusted Auditor. I'm not > sure I saw gossip between Trusted Auditors explicitly addressed - would that > be allowed, or dangerous? As long as the Trusted Auditor didn't act in a predictable way with regards to data fed by a client, I believe it is safe for them do SCT Feedback to servers, STH pollination to servers, or send their results directly into a whole different Trusted Auditor. It's only dangerous if I can observe a Client <-> Trusted Auditor connection, and make strong inferences about what happened on that connection. So, clients inputs should be delayed/mixed before being acted on, and Trusted Auditors should be _encouraged_ to both collect as many users as they can (including other Trusted Auditors), and to do SCT Feedback and STH Pollination as much as they can. -tom _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
