[cabfpub] Upcoming changes to Google Chrome's certificate handling

Ben Laurie benl at google.com
Tue Nov 12 19:35:33 UTC 2013


On 12 November 2013 19:18, Phillip Hallam-Baker <philliph at comodo.com> wrote:
>> On 12 November 2013 16:44, Phillip Hallam-Baker <philliph at comodo.com> wrote:
>>>
>>> I can provide several ways to do Gossip that are completely solid with
>>> respect to my security metric of a social work factor over time. I
>>> introduce the concept here:
>>>
>>> http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-00
>>>
>>> What I cannot do is to provide a mechanism to allow a stand-alone client
>>> to evaluate the Gossip traffic and use the output of the evaluation to gate
>>> certificate acceptance.
>
>> That is not the purpose of gossip in CT. Its purpose is to reveal any
>> attempts to fork a log.
>
> Why is it a problem to fork a log?
>
> It seems to me that forking a log is a great thing, the more independent
> logs we have the better. Grounding each log in another log is the purpose of
> Gossip.
>
> I think that what you are calling forking the log is an authenticity attack
> on the log or the log maintainer presenting different logs to different
> parties.

Indeed, the attack I want to prevent is two different versions of a
log. If you don't like "fork" to describe this, then feel free to
propose another term; however, this is exactly what I mean by forking
a log. I think it is also consistent with the usual meaning of fork
(which has to do with repositories, i.e. they are the same up to time
t, then they diverge). Grounding logs in other logs is something
different.

> Which are the attacks I am looking to defeat.

Then we share a goal.
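The point Ben is making, as an added example that is not part of this thread or of the CT project's own code: a small Python model of an RFC 6962-style Merkle log, its consistency proofs, and a gossip check between two clients that detects a log serving two versions that agree up to time t and then diverge. The entry lists, the function names, and the simplified tree head (size and root only, no log signature) are constructed assumptions for the illustration.

```python
import hashlib

# RFC 6962 hashing: leaves and interior nodes are domain-separated so that
# a leaf can never be confused with a node.
def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    """Largest power of two strictly smaller than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def mth(entries: list) -> bytes:
    """Merkle Tree Hash of an ordered list of leaf entries (RFC 6962 section 2.1)."""
    if not entries:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(mth(entries[:k]), mth(entries[k:]))

def consistency_proof(entries: list, m: int, n: int) -> list:
    """Proof that the tree over entries[:m] is a prefix of the tree over entries[:n]."""
    if not 0 < m <= n <= len(entries):
        raise ValueError("need 0 < m <= n <= log size")
    return _subproof(entries[:n], m, True)

def _subproof(d: list, m: int, b: bool) -> list:
    n = len(d)
    if m == n:
        return [] if b else [mth(d)]
    k = _split(n)
    if m <= k:
        return _subproof(d[:k], m, b) + [mth(d[k:])]
    return _subproof(d[k:], m - k, False) + [mth(d[:k])]

def verify_consistency(m, n, old_root, new_root, proof) -> bool:
    """Recompute both roots from the proof; True only if the two heads can be
    the same append-only log. Mirrors _subproof, consuming the path from its end."""
    path = list(proof)

    def rebuild(m, n, b):
        if m == n:
            h = old_root if b else path.pop()
            return h, h
        k = _split(n)
        sibling = path.pop()
        if m <= k:
            old, new = rebuild(m, k, b)
            return old, node_hash(new, sibling)
        old, new = rebuild(m - k, n - k, False)
        return node_hash(sibling, old), node_hash(sibling, new)

    if not 0 < m <= n:
        return False
    try:
        old, new = rebuild(m, n, True)
    except IndexError:  # proof too short
        return False
    return not path and old == old_root and new == new_root

def tree_head(entries: list, size: int) -> tuple:
    """Simplified STH: (tree_size, root_hash). A real STH is also signed by the log."""
    return size, mth(entries[:size])

def gossip_check(my_sth: tuple, peer_sth: tuple, served_entries: list) -> bool:
    """Two clients compare the tree heads they were shown. Returns False when the
    heads cannot both describe one append-only log, i.e. a fork is detected.
    served_entries models the log answering a consistency-proof request."""
    (m, old), (n, new) = sorted([my_sth, peer_sth])
    if m == n:
        return old == new
    if n > len(served_entries):
        return False  # the log cannot even produce a proof for the larger head
    return verify_consistency(m, n, old, new, consistency_proof(served_entries, m, n))

# Constructed sample data: both views agree on the first three entries (time t)
# and then diverge, which is the "two different versions of a log" case.
SHARED = [b"cert-0", b"cert-1", b"cert-2"]
VIEW_A = SHARED + [b"cert-3", b"cert-4"]
VIEW_B = SHARED + [b"cert-3-alt", b"cert-4"]

def demo() -> dict:
    sth_t = tree_head(SHARED, 3)      # a head from before the fork
    sth_a = tree_head(VIEW_A, 5)      # what the log showed client 1
    sth_b = tree_head(VIEW_B, 5)      # what the log showed client 2
    return {
        "prefix_fits_view_a": gossip_check(sth_t, sth_a, VIEW_A),   # True
        "prefix_fits_view_b": gossip_check(sth_t, sth_b, VIEW_B),   # True
        "clients_agree_at_5": gossip_check(sth_a, sth_b, VIEW_A),   # False: fork
        "a_extends_into_b": gossip_check(sth_a, tree_head(VIEW_B + [b"cert-5"], 6),
                                         VIEW_B + [b"cert-5"]),      # False: fork
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'consistent' if ok else 'FORK DETECTED'}")
```

Each view is internally consistent, so a client that only ever talks to the log sees valid proofs; the fork only surfaces when two clients exchange the heads they were given and find either different roots for the same tree size or a consistency proof that cannot bridge one head to the other. That exchange is what gossip is for here; it says nothing about whether the certificates themselves should be accepted.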
