Bryan,

Thanks for the feedback.

I added text to address the concerns you cited about the threat analysis document last year, based on comments you made in the London meeting. I don't recall you mentioning this specific concern at that time or in subsequent messages. Can you refer me to one or more specific messages in which you cited the oversight you mentioned below?

> I finally had a chance to take a look at the latest version of the threat analysis document.
> 
> Months ago, I pointed out that the document presents a lopsided view of the potential types of attacks, in general considering only attacks in which CAs or log servers misbehave “in place”, while completely neglecting even to mention the large class of attack scenarios in which an attacker steals the servers’ keys and uses them to create secret “evil twins” of the CAs and/or log servers elsewhere on the Internet (or off the Internet) in domains more under the attacker’s control. In other words, the attacker leaves the “normal” CAs and log servers that most of the Internet sees operating completely normally and appearing to be honest, but creates and uses evil twins of those CAs and log servers elsewhere for (basically undetectable) attacks against target victims.
I will write text to address a class of attacks where a CA's or a log's private key is compromised and the attack is undetected. I do agree with Ben, however, about the difficulty faced by CT or other mechanisms when users operate in an isolated environment. If a user lives in a country where the telecom infrastructure is controlled by state security forces, there may be few if any ways for the user to acquire externally supplied security info. I don't anticipate addressing that topic.

Also, BTW, Eran (a co-author of 6962-bis) provided feedback on the threat analysis document, which was reflected in the -02 version.

Steve
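The "evil twin" scenario discussed in this thread can be illustrated with a small model, added here as an example and not part of the original exchange or of the threat analysis draft. It shows why in-place checks cannot distinguish a log's STH from one produced by a twin holding a stolen copy of the log's key, and why detection has to come from comparing views obtained from different vantage points (auditing or gossip). Assumptions: the log's signature is modelled as an HMAC over the tree head (a stand-in for the real public-key signature, so that the code runs on the standard library alone), and the certificate entries and key are constructed values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(leaves: list) -> bytes:
    """RFC 6962 Merkle tree hash: 0x00 prefix for leaves, 0x01 for interior nodes,
    split at the largest power of two smaller than the number of leaves."""
    if not leaves:
        return sha256(b"")
    if len(leaves) == 1:
        return sha256(b"\x00" + leaves[0])
    k = 1
    while k * 2 < len(leaves):
        k *= 2
    return sha256(b"\x01" + merkle_root(leaves[:k]) + merkle_root(leaves[k:]))


@dataclass
class STH:
    tree_size: int
    root_hash: bytes
    signature: bytes


class Log:
    """A log instance; all that identifies it to a verifier is the key it signs with."""

    def __init__(self, signing_key: bytes):
        self.signing_key = signing_key
        self.leaves = []

    def add(self, cert: bytes) -> None:
        self.leaves.append(cert)

    def sth(self) -> STH:
        root = merkle_root(self.leaves)
        size = len(self.leaves)
        msg = size.to_bytes(8, "big") + root
        # HMAC stands in for the log's signature (assumption: toy model, not real CT crypto).
        return STH(size, root, hmac.new(self.signing_key, msg, "sha256").digest())


def verify_sth(key: bytes, sth: STH) -> bool:
    """The in-place check a client can do on its own: is the STH signed by the log key?"""
    msg = sth.tree_size.to_bytes(8, "big") + sth.root_hash
    return hmac.compare_digest(hmac.new(key, msg, "sha256").digest(), sth.signature)


def split_view_evidence(key: bytes, sth_a: STH, sth_b: STH) -> bool:
    """Two validly signed STHs for the same tree size with different root hashes
    prove that the key has signed two different histories: evidence of a twin
    (or of a misbehaving log). This needs STHs collected from more than one vantage point."""
    return (verify_sth(key, sth_a) and verify_sth(key, sth_b)
            and sth_a.tree_size == sth_b.tree_size
            and sth_a.root_hash != sth_b.root_hash)


def demo() -> dict:
    key = os.urandom(32)  # the real log's key; in the scenario a copy has been stolen
    real = Log(key)
    for cert in (b"cert:example.org", b"cert:mail.example.org", b"cert:www.example.org"):
        real.add(cert)  # constructed entries

    twin = Log(key)  # evil twin: same key, its own tree, shown only to the target victim
    for cert in (b"cert:example.org", b"cert:mail.example.org", b"cert:TWIN-www.example.org"):
        twin.add(cert)

    real_sth, twin_sth = real.sth(), twin.sth()
    return {
        # Local verification passes for both views: the victim cannot tell them apart.
        "victim_accepts_real": verify_sth(key, real_sth),
        "victim_accepts_twin": verify_sth(key, twin_sth),
        # Only an auditor holding both views can detect the split.
        "cross_check_detects": split_view_evidence(key, real_sth, twin_sth),
    }


if __name__ == "__main__":
    print(demo())
```

The twin here is given the same tree size as the real log so that the two STHs can be compared directly; if the sizes differ, the auditor instead asks for a consistency proof from the smaller to the larger tree, and the twin's inability to produce one plays the same role. Either way the detection depends on the victim's view reaching someone who also sees the real log, which is exactly what an isolated user in the scenario Steve describes cannot arrange.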
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans