Dmitry,
I've been waiting for Rob Stradling to comment on the attack described
by Andrew.
I consider Rob to be the definitive expert on redacted certs (since he
invented
the concept) and I want to make sure that Ron concurs with the attack
description
and the impact characterization before adding it to the threat document.
If Rob concurs, then I'll draft text to describe the attack and submit
it to the
WG list for review, rather than re-issuing the whole doc with this added
material
for review.
Andrew's message noted a potential problem for Monitors dealing with
redacted certs.
The Monitor spec that I co-authored
(draft-kent-trans-monitor-auditor-01.txt) already
describes a model in which Monitors are expected to have access to the
cert data
associated with the Subjects they serve. So, in the case of redacted
certs, I think a
Monitor serving the Subject(s) of such certs will be able to function as
expected.
Eran suggested that a Monitor need not have such info and might be on
the lookout
for suspect certs in general, but I have trouble understanding how that
will work,
in general. I have not reviewed version 16 of 6962-bis, but I found
prior descriptions
of the Monitor function to be too vague. So, I'll mention the Monitor
problem, as well
as the CT-aware browser problem (re SCT matching), in the text I prepare.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
