On 12/11/2013 05:55 PM, Ben Laurie wrote:
> Who's in?

I'd like to be part of it.

> Cryptographically verifiable logs can help to ameliorate the problems
> by making it possible to discover and rectify errors before they can
> cause harm.

Correct me if I am wrong, but the following comes to mind. I'd probably say "too much harm" or "significant harm": the public log concept allows for a short time window for successful attack. Much depends on the number of logs a CA pushes their certs to, and how many monitors watch these logs for suspicious changes. I am less concerned about the consistency proofs and audit paths here, and more about what monitors actually do. I.e., deployment issues.

> Work items: Specify a standards-track mechanism to apply verifiable
> logs to HTTP/TLS (i.e. RFC 6962-bis).

One thing that I was wondering about is whether the work can be taken further at some point to include that mechanism from Sovereign Keys that allows one to give, say, an alternate Tor routing (or hidden service) for a given domain, in order to avoid censorship. I'd agree that's not a primary topic for CT, but a worthwhile goal to keep in mind for later.

Ralph

--
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF