draft-linus-trans-gossip-ct
Daniel Kahn Gillmor, ACLU
Linus Nordberg, NORDUnet
IETF93, Prague
◮ why
  ◮ log accountability – verifying the append-only property in space and over time
    ◮ changing entries
    ◮ not keeping the promise of an SCT
    ◮ log exposing multiple views (partitioning)
◮ how
  ◮ getting SCTs and STHs to auditors and monitors
◮ changes in -02
  ◮ three browser channels for sharing SCTs and STHs
  ◮ STH pollination being the actual news
◮ working group adoption
[Figure, built up over six slides: Certificate Transparency (detect CA misbehavior) overlaid with Gossip (detect Log misbehavior). Parties: CA, Log, Website, Browser, Auditor, Monitor. Labelled flows: cert request; Pre-cert or Cert; SCT; cert chain + SCT; HTTPS Traffic [Cert] [SCT]; Inclusion Proof (STH, SCT); Consistency Proof (STH x, STH y); Timestamps; STH; Everything; SCTs. Gossip channels added in turn: SCT Feedback (SCT+certs), STH Pollination (STHs), Trusted Auditor (SCT+certs).]
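An added example (not from the slides or the draft) of the check that pooled STHs make possible: an auditor sorts the STHs it has received and verifies an RFC 6962 consistency proof between each adjacent pair, so a log that changed an entry or showed one client a different view cannot reconcile them. `audit_pool`, `fetch_proof`, `view_a` and `view_b` are hypothetical names, the data is constructed, and STH signatures are not modelled.

```python
import hashlib

def h(b): return hashlib.sha256(b).digest()

def mth(leaves):
    """RFC 6962 Merkle Tree Hash over a list of leaf inputs."""
    n = len(leaves)
    if n <= 1:
        return h(b"\x00" + leaves[0]) if n else h(b"")
    k = 1 << ((n - 1).bit_length() - 1)  # largest power of two < n
    return h(b"\x01" + mth(leaves[:k]) + mth(leaves[k:]))

def consistency_proof(m, leaves, whole=True):
    """Log side: RFC 6962 PROOF(m, D[n]) for 0 < m <= n = len(leaves)."""
    n = len(leaves)
    if m == n:
        return [] if whole else [mth(leaves)]
    k = 1 << ((n - 1).bit_length() - 1)
    if m <= k:
        return consistency_proof(m, leaves[:k], whole) + [mth(leaves[k:])]
    return consistency_proof(m - k, leaves[k:], False) + [mth(leaves[:k])]

def verify_consistency(m, n, root_m, root_n, proof):
    """Auditor side: True if the size-n tree only appends to the size-m tree."""
    if m == n:
        return root_m == root_n and not proof
    if not 0 < m < n or not proof: return False
    path = ([root_m] if (m & (m - 1)) == 0 else []) + list(proof)
    fn, sn = m - 1, n - 1
    while fn & 1: fn, sn = fn >> 1, sn >> 1
    fr = sr = path[0]  # running hashes for the old and the new root
    for c in path[1:]:
        if sn == 0: return False
        if fn & 1 or fn == sn:
            fr, sr = h(b"\x01" + c + fr), h(b"\x01" + c + sr)
            while fn and not fn & 1: fn, sn = fn >> 1, sn >> 1
        else:
            sr = h(b"\x01" + sr + c)
        fn, sn = fn >> 1, sn >> 1
    return fr == root_m and sr == root_n and sn == 0

def audit_pool(pool, fetch_proof):
    """Adjacent (tree_size, root) pairs from the pool that fail to reconcile."""
    sths = sorted(set(pool))
    return [(a, b) for a, b in zip(sths, sths[1:]) if not verify_consistency(
        a[0], b[0], a[1], b[1], fetch_proof(a[0], b[0]))]
# Constructed data: the log shows view_a to most clients and view_b to one.
view_a = [b"cert-%d" % i for i in range(8)]
view_b = view_a[:2] + [b"cert-other"] + view_a[3:]
```

Any pair returned by `audit_pool` is two signed tree heads the log cannot prove consistent, which is the evidence of misbehavior the gossip channels exist to surface.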