![]() ![]() This document relies on terminology and data structures defined in Gossip only for STHs of a certain "freshness" and limiting the This "safety in numbers" is achieved by requiring Perspective as long as the same STH is shared by a large number of Sharing an STH is considered reasonably safe from a privacy Repository of SCTs which can be queried by auditors. In this way a site can accumulate records of SCTs that haveīeen issued by various logs for that site, providing a consolidated Given site to the site corresponding to the SCT, because the site'sĪccess logs would already indicate that the client is accessing that However, there is no loss in privacy if a client sends SCTs for a Through rare STHs is one potential attack. Log entries) can be problematic - user tracking by fingerprinting Even sharing STHs (which do not link to specific Privacy considerations into account in order not to leak associationsīetween users of the log (e.g., web browsers) and certificate holders Linkable to specific log entries and thereby to specific sites, which We want some side of the partitioned tree, and ideally bothĭisseminating known information about a log poses a potential threat Gossiping about what's known about logs helps solve the problem ofĭetecting malicious or compromised logs mounting such a partitioningĪttack. Each client would be able to verify theĪppend-only nature of the log while in the extreme case being the Information about monitored logs in order to be able to detect aĪ partitioning attack is when a log serves different views of the log Public append-only untrusted logs have to be monitored forĬonsistency, i.e., that they should never rewrite history.Īdditionally, monitors and other log clients need to exchange They should provide protective benefits for the system asĪ whole even if their adoption is not universal. Logs in a manner that preserves the privacy of the non-log players Non-log players in the CT ecosystem to exchange information about This document presents three different, complementary mechanisms for Of web browsers and other TLS clients) should not be damaged by Privacy of consumers of log information (in particular, Information about the logs and their operations, but not to leak anyĪdditional information about the operation of any of the other The goal of CT gossip is to publish and distribute One of the major challenges of any gossip protocol is limiting damage That makes use of the available mechanisms. Needs a well-defined way to "gossip" about the activity of the logs Order for the community to effectively detect log misbehavior, it If the community dependent on the log knows what to do with them. ĬT provides mechanisms for detection of these misbehaviors, but only Operations, also known as a partitioning attack. In particular, CT logs can misbehave eitherīy rewriting history or by presenting a "split view" of their The purpose of the protocols in this document is to detect Internet-Draft Gossiping in CT August 2015 10.1. Privacy for HTTPS clients requesting STHs. ![]() HTTPS client STH and Inclusion Proof Fetching. The Trust Legal Provisions and are provided without warranty asġ. Include Simplified BSD License text as described in Section 4.e of Code Components extracted from this document must Please review these documentsĬarefully, as they describe your rights and restrictions with respect This document is subject to BCP 78 and the IETF Trust's Legal This Internet-Draft will expire on February 29, 2016.Ĭopyright (c) 2015 IETF Trust and the persons identified as the Internet-Draft Gossiping in CT August 2015 ![]() Material or to cite them other than as "work in progress." It is inappropriate to use Internet-Drafts as reference Internet-Drafts are draft documents valid for a maximum of six monthsĪnd may be updated, replaced, or obsoleted by other documents at any Note that other groups may also distribute Internet-Drafts are working documents of the Internet Engineering This Internet-Draft is submitted in full conformance with the Policy is agreed on between client and trusted party. Privacy sensitive data being handled according to whatever privacy With trusted auditors or monitors directly, with expectations of HTTPS clients in a Trusted Auditor Relationship share SCTs and STHs Signed Tree Heads (STHs) ( Section 3.5 of ) with otherĬonnecting clients in the hope that STHs will find their way to In STH Pollination, HTTPS clients use HTTPS servers as pools sharing Servers which in turn share them with CT auditors. Privacy-preserving manner by sending SCTs to originating HTTPS Timestamps (SCTs) ( Section 3.2 of ) with CT auditors in a SCT Feedback enables HTTPS clients to share Signed Certificate Transparency (CT) : SCT Feedback, STH Pollination and This document describes three gossiping mechanisms for Certificate Gossiping in CT draft-ietf-trans-gossip-00 ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |