#130: Support Delegation of SCT Feedback/STH Pollination
Comment (by [email protected]):

Replying to [comment:4 benl@…]:
> Yes, a different host.
>
> I think '''requiring''' that a server should forward in a privacy-preserving manner is over-reach. Not convinced we even know how to do that perfectly.

I think requiring that '''if''' a server is forwarding SCT Feedback it '''must''' do it in a privacy-preserving manner that we will define, perfect or not.

> On blocking: I don't understand - an adversary can block the server as easily as any delegate.

Blocking feedback in the same TLS session as the one where the ordinary request was carried out should be hard to do without collateral damage in the form of the page that was requested (assuming it's hard to cut an existing session at the exact right time). To block feedback you'd have to block the page, something we hope will be too expensive.

> On "refusing third party content", is that a thing? I can find no reference to it. Your browser is already required to connect to all sorts of domains you haven't requested, for CRLs, OCSP, DNS, updates, time... I don't think it is realistic to expect users to figure out what is and is not OK for these kinds of things.

I expect users to be able to pick a browser that is less bad. Arguing that another third party is OK because there are others doesn't help. I guess a counter argument would be that explicit delegation is easier to detect and refuse.

--
-------------------------+-------------------------------------------------
 Reporter:               |       Owner:  draft-ietf-trans-threat-
  [email protected]      |  [email protected]
     Type:  defect       |      Status:  new
 Priority:  major        |   Milestone:
Component:  gossip       |     Version:
 Severity:  -            |  Resolution:
 Keywords:               |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/130#comment:5>
trans <http://tools.ietf.org/trans/>

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
