On 25 September 2014 23:02, [email protected] <[email protected]> wrote:
> The value proposition of CT remains ambiguous because the following
> questions remain unanswered.
> - What are the practical barriers to serving a falsified key to a user
> that does not appear in the globally available log?

I was under the impression that this was the CT log forking the log to present valid-looking data to Bob, while presenting the globally available log to Alice and everyone else. Bob gets owned. The technical work of forking the log is just some code and some signatures.

> - What sort of evidence of malicious behavior by a key server would be
> perceived as credible?

If key server means 'CT-like log' in this context, I think this is covered. See:
http://tools.ietf.org/html/rfc6962#section-7.3
and
http://www.certificate-transparency.org/faq#TOC-Aren-t-you-just-creating-a-CA-of-CAs-

The way I think this will work in practice is:
- A log will go down for longer than the MMD. Technically, everyone should drop the log, but people make mistakes so we won't blacklist it.
- Some log will have a bug and present a fork for which we are able to ascertain all the details. There will be a period of a month or two for everyone to get their shit migrated, then people will drop the log. A new log will be started on the new, fixed codebase, and in a year it will be trusted again.

> - What incentives do auditors face? Would they face incentives to collude
> with the identity providers or robustly investigate report of MITM attacks?
>
> The first two questions remain unanswered because CT proposals are still
> incomplete. The third question may be incomplete because answering it
> requires skills not present in our community. Analyzing incentives governing
> the behavior of rational actors is the specialty of economists.

You can talk of economics, but the fact is a number of people who operate in the space of "Let's watch CAs, let's find proof of Google being evil" are not 'rational actors' ;)

I'm assuming you mean auditor in the sense of a CT Auditor, and not Ernst & Young. Auditors investigate misbehavior of logs, not MITM attacks. (Obviously, misbehavior of a log can lead to a MITM, but they're distinct.)

There will be lots of auditors, just as there are lots of people watching CAs for misbehavior today. The incentives are varied: some people will do it because they hate Company X who runs a log, others because they want to prove all of CT to be worthless, others because it's their job as part of making the internet safe, others because they like crypto.

The hard part of being an auditor isn't the technical aspect or 'finding the time', it's collecting data. It's like finding misissued certificates: it's very difficult to find a google.com cert signed by CNNIC, it's very easy to 'investigate it' (run it through a couple of OpenSSL commands) and then put it up on the internet for everyone to see. At that point it's out of the auditor's hands: the misbehaving log will respond (or not) and the large providers of trust infrastructure (browsers, OSes) will believe them (or not) and take action (or not).

If it's not clear, I'm not arguing that CT is the way to go; I quite like The Simple Thing as a practical way forward. I'm just providing commentary.

-tom

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
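The fork Tom describes (one tree head for Bob, another for everyone else) and the check an auditor or gossiping client uses to catch it, as an added example that is not part of the original thread or of any CT implementation. It builds the RFC 6962 Merkle Tree Hash, generates and verifies consistency proofs (verification follows the RFC 9162 algorithm), and shows that a fork is provable from two signed tree heads alone: either the same tree size with different roots, or a newer head to which the log cannot produce a valid consistency proof. The log key, the HMAC used as a stand-in for the log's ECDSA signature, and the entries are all constructed for the example.

```python
import hashlib
import hmac


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _largest_pow2_below(n: int) -> int:
    # Largest power of two strictly less than n (caller guarantees n >= 2).
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def mth(entries: list) -> bytes:
    """RFC 6962 Merkle Tree Hash: 0x00 prefix for leaves, 0x01 for interior nodes."""
    n = len(entries)
    if n == 0:
        return _h(b"")
    if n == 1:
        return _h(b"\x00" + entries[0])
    k = _largest_pow2_below(n)
    return _h(b"\x01" + mth(entries[:k]) + mth(entries[k:]))


def consistency_proof(m: int, entries: list) -> list:
    """PROOF(m, D[n]) from RFC 6962 s2.1.2: node hashes showing D[0:m] is a prefix of D[0:n]."""
    assert 1 <= m <= len(entries)

    def subproof(m, d, b):
        n = len(d)
        if m == n:
            return [] if b else [mth(d)]
        k = _largest_pow2_below(n)
        if m <= k:
            return subproof(m, d[:k], b) + [mth(d[k:])]
        return subproof(m - k, d[k:], False) + [mth(d[:k])]

    return subproof(m, entries, True)


def verify_consistency(first, second, first_hash, second_hash, proof) -> bool:
    """Client-side check (RFC 9162 s2.1.4.2) that second_hash extends first_hash."""
    if first == second:
        return first_hash == second_hash and not proof
    if not proof or first == 0 or first > second:
        return False
    proof = list(proof)
    if first & (first - 1) == 0:  # first is an exact power of two: its root is the proof's start
        proof.insert(0, first_hash)
    fn, sn = first - 1, second - 1
    while fn & 1:
        fn >>= 1
        sn >>= 1
    fr = sr = proof[0]
    for c in proof[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            fr = _h(b"\x01" + c + fr)
            sr = _h(b"\x01" + c + sr)
            while not (fn & 1) and fn != 0:
                fn >>= 1
                sn >>= 1
        else:
            sr = _h(b"\x01" + sr + c)
        fn >>= 1
        sn >>= 1
    return fr == first_hash and sr == second_hash and sn == 0


def sign_sth(log_key: bytes, tree_size: int, root: bytes) -> dict:
    """Signed Tree Head. Stand-in: HMAC over (size, root) instead of the log's ECDSA signature."""
    msg = tree_size.to_bytes(8, "big") + root
    return {"tree_size": tree_size, "root": root, "sig": hmac.new(log_key, msg, "sha256").digest()}


def sth_signature_valid(log_key: bytes, sth: dict) -> bool:
    msg = sth["tree_size"].to_bytes(8, "big") + sth["root"]
    return hmac.compare_digest(sth["sig"], hmac.new(log_key, msg, "sha256").digest())


def gossip_check(sth_a: dict, sth_b: dict, proof: list) -> str:
    """What two parties learn by exchanging STHs plus the log's consistency proof between them.
    Returns 'consistent' or 'split-view'. Signatures are assumed checked already."""
    old, new = sorted([sth_a, sth_b], key=lambda s: s["tree_size"])
    if old["tree_size"] == new["tree_size"]:
        return "consistent" if old["root"] == new["root"] else "split-view"
    ok = verify_consistency(old["tree_size"], new["tree_size"], old["root"], new["root"], proof)
    return "consistent" if ok else "split-view"


def demo():
    key = b"log-signing-secret"                       # constructed stand-in for the log's private key
    honest = [b"cert-%d" % i for i in range(5)]       # constructed public log entries
    # View served only to Bob: entry 3 swapped for a cert that never reaches the public log.
    forked = honest[:3] + [b"bogus-cert-for-bob"] + honest[4:]
    alice_sth = sign_sth(key, 5, mth(honest))
    bob_sth = sign_sth(key, 5, mth(forked))
    # Both heads carry valid log signatures: signing a fork costs the log nothing.
    sigs_ok = sth_signature_valid(key, alice_sth) and sth_signature_valid(key, bob_sth)
    # The public log later grows to 6 entries. It can prove Alice's head is a prefix of it...
    honest6 = honest + [b"cert-5"]
    later_sth = sign_sth(key, 6, mth(honest6))
    alice_result = gossip_check(alice_sth, later_sth, consistency_proof(5, honest6))
    # ...but no proof it can produce links Bob's root to the public tree.
    bob_result = gossip_check(bob_sth, later_sth, consistency_proof(5, honest6))
    # Same tree size, different roots: direct evidence of a fork, no proof needed.
    same_size = gossip_check(alice_sth, bob_sth, [])
    return sigs_ok, alice_result, bob_result, same_size


if __name__ == "__main__":
    print(demo())
```

The two signed heads with equal size and different roots are the portable evidence Tom's auditor wants: anyone holding both can verify the signatures and the mismatch offline, without trusting the log or the reporter. Collecting them is the hard part, since Bob has to get his STH to someone who also holds the public one.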
