On 19 October 2016 at 12:00, Kurt Roeckx <[email protected]> wrote:
> Hi,
>
> I was reading the latest draft of the gossip protocol and I have
> some concerns.
>
> I've started monitoring the CT logs. I think that under the latest
> draft I became an "auditor", but the graph also still mentions a
> monitor. But I don't believe I'm a "trusted auditor". There at
> least seems to be confusion about the terms.

You're correct. In our draft we refer to a 'Trusted Auditor' as some
third party who gets input from clients and then uses it to facilitate
log auditing.

Whereas in the CT draft, an Auditor is someone who observes the logs
and attempts to detect misbehavior.

Technically, our 'Trusted Auditor' does not have to do auditing! It
could collect, mix, and then release users' input to an 'Auditor' who
actually performs the auditing.  Perhaps we should rename our 'Trusted
Auditor' to something different.

> I'm mostly interested in checking that the CT logs behave like
> they should, and the draft doesn't seem to be covering this, or
> I'm not understanding it.

You're right - this draft doesn't proscribe actions for an 'Auditor',
it only attempts to answer the question "How does an auditor get data
from HTTPS Clients?"

> How can I find all the SCTs and STHs that
> the log did send to someone but didn't send to me?
>
> It seems that as auditor I would only talk to the CT logs and
> "participating HTTPS servers". It's not clear to me how I would
> discover those HTTPS servers.

That's fair, we don't really say I don't think. I expect practically
speaking, that web crawling will occur and people will circulate lists
of participating HTTPS servers. If an Auditor misses some servers that
do STH Pollination, it's not a big deal as that data will be
pollinated across HTTPS servers. In contrast, servers who do SCT
Feedback will be more likely to announce to auditors "Hey, I enabled
this, start polling me."  (In both instances, HTTPS servers can also
push to an Auditor if they choose.)

> Is this related to the "trusted
> auditor"? Would an auditor work for an HTTPS site? Or would both
> clients and auditors have a list of those participating HTTPS
> servers, and those HTTPS servers act like some lightweight
> auditor?

It's possible for HTTPS Servers to implement some amount of auditor
functionality, but we don't expect most to.


Actions for an auditor to take is a good thing to try and document
somewhere. We _could_ put it into Gossip, but it seems like a separate
draft to me.  Off the top of my head I think the main things it would
be checking are:
- Has the log always issued a STH within the MMD
- Can I resolve all inputs (SCTs, STHs) into a single STH via
inclusion/consistency proofs (to prevent split views)

-tom

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
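
The second check listed in the message above (resolving two STHs into one view via a consistency proof) can be sketched as follows. This is an added example, not part of the original email or of the draft: it uses the RFC 6962 hashing and proof definitions and the verification steps given in RFC 9162, and the function names and sample log entries are constructed for illustration.

```python
import hashlib

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def mth(leaves):
    """RFC 6962 Merkle Tree Hash of a non-empty list of leaf inputs."""
    n = len(leaves)
    if n == 1:
        return hashlib.sha256(b"\x00" + leaves[0]).digest()
    k = 1 << ((n - 1).bit_length() - 1)  # largest power of two < n
    return node(mth(leaves[:k]), mth(leaves[k:]))

def proof(m, leaves, whole=True):
    """Log side: RFC 6962 PROOF(m, D[n]); used here only to build sample data."""
    n = len(leaves)
    if m == n:
        return [] if whole else [mth(leaves)]
    k = 1 << ((n - 1).bit_length() - 1)
    if m <= k:
        return proof(m, leaves[:k], whole) + [mth(leaves[k:])]
    return proof(m - k, leaves[k:], False) + [mth(leaves[:k])]

def consistent(first, first_hash, second, second_hash, path):
    """Auditor side: True if the STH at size `second` extends the STH at `first`."""
    if first == second:
        return not path and first_hash == second_hash
    if not 0 < first < second or not path:
        return False
    if first & (first - 1) == 0:  # power of two: old root is itself a proof node
        path = [first_hash] + path
    fn, sn = first - 1, second - 1
    while fn & 1:
        fn, sn = fn >> 1, sn >> 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            fr, sr = node(c, fr), node(c, sr)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            sr = node(sr, c)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and fr == first_hash and sr == second_hash

# Constructed data: an honest 7-entry log, and a fork that rewrote entry 1.
HONEST = [b"entry-%d" % i for i in range(7)]
FORKED = HONEST[:1] + [b"swapped"] + HONEST[2:]
```

An auditor holding the size-3 root of `HONEST` and later shown the size-7 root of `FORKED` gets `False` from `consistent`, whatever proof the forked log supplies for its own tree; that failure is the split-view signal.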
