On 9 May 2017 at 03:53, Linus Nordberg <[email protected]> wrote: > Tom Ritter <[email protected]> wrote > Mon, 8 May 2017 12:38:45 -0500: > >> Anyway, so I still think there's fingerprinting concerns. But even if >> we require deterministic signatures - if the log *wants* to be >> malicious, it can still issue non-deterministic signatures, and >> there's no way to know, because as I said above - detection is hard. > > You seem to focus on SCTs, which are indeed hard to share between > privacy concerned clients because they contain sensitive data. But STHs > have signatures too and I think we should limit the ways a log can track > clients asking for STHs. > > Catching a log serving different log clients different bits for the same > timestamp, tree_size and root_hash is a matter of clients comparing > retrieved STHs. Keeping the requirement for deterministic signatures and > the limitation on STH issuance frequency (6962bis-24 4.8) makes > gossiping about STHs reasonable even for clients serving end users with > privacy expectations (gossip-04 10.5.4).
I agree that we could catch logs who do this to STHs relatively easily. >> So I think Eran's suggested changes are okay. > > I think we should keep requiring deterministic signatures being used but > stop mandating how it is being done. Definitely agree that we not mandate how it is done. I guess I'm more on the fence now because of the STH situation. -tom _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
