Tom Ritter <[email protected]> wrote Mon, 8 May 2017 12:38:45 -0500: > Anyway, so I still think there's fingerprinting concerns. But even if > we require deterministic signatures - if the log *wants* to be > malicious, it can still issue non-deterministic signatures, and > there's no way to know, because as I said above - detection is hard.
You seem to focus on SCTs, which are indeed hard to share between privacy concerned clients because they contain sensitive data. But STHs have signatures too and I think we should limit the ways a log can track clients asking for STHs. Catching a log serving different log clients different bits for the same timestamp, tree_size and root_hash is a matter of clients comparing retrieved STHs. Keeping the requirement for deterministic signatures and the limitation on STH issuance frequency (6962bis-24 4.8) makes gossiping about STHs reasonable even for clients serving end users with privacy expectations (gossip-04 10.5.4). > So I think Eran's suggested changes are okay. I think we should keep requiring deterministic signatures being used but stop mandating how it is being done. _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
