draft-linus-trans-gossip-ct Daniel Kahn Gillmor, ACLU Linus - - PowerPoint PPT Presentation

draft linus trans gossip ct
SMART_READER_LITE
LIVE PREVIEW

draft-linus-trans-gossip-ct Daniel Kahn Gillmor, ACLU Linus - - PowerPoint PPT Presentation

May 21, 2023 298 likes •395 views

draft-linus-trans-gossip-ct Daniel Kahn Gillmor, ACLU Linus Nordberg, NORDUnet IETF93, Prague why log accountability verifying the append-only property in space and over time changing entries not keeping the promise of an SCT

slide-1
SLIDE 1

draft-linus-trans-gossip-ct

Daniel Kahn Gillmor, ACLU Linus Nordberg, NORDUnet IETF93, Prague

slide-2
SLIDE 2 ◮ why ◮ log accountability – verifying the append-only property in space and over time ◮ changing entries ◮ not keeping the promise of an SCT ◮ log exposing multiple views (partitioning) ◮ how ◮ getting SCT’s and STH’s to auditors and monitors ◮ changes in -02 ◮ three browser channels for sharing SCT’s and STH’s ◮ STH pollination being the actual news ◮ working group adoption
slide-3
SLIDE 3

Log

Monitor Auditor Browser Website

[Cert] [SCT] Timestamps Everything STH STHx,STHy Consistency Proof STH,SCT I n c l u s i

  • n

P r

  • f

CA

Pre-cert or Cert SCT cert request cert chain + SCT SCTs HTTPS Traffic

Certificate Transparency (detect CA misbehavior)

slide-4
SLIDE 4

Log

Monitor Auditor Browser Website

[Cert] [SCT] Timestamps Everything STH STHx,STHy Consistency Proof STH,SCT I n c l u s i

  • n

P r

  • f

CA

Pre-cert or Cert SCT cert request cert chain + SCT SCTs HTTPS Traffic

Certificate Transparency (detect CA misbehavior)

Aack

slide-5
SLIDE 5

Log

Monitor Auditor Browser Website

[Cert] [SCT] Timestamps Everything STH STHx,STHy Consistency Proof STH,SCT I n c l u s i

  • n

P r

  • f

CA

Pre-cert or Cert SCT cert request cert chain + SCT SCTs HTTPS Traffic

Certificate Transparency (detect CA misbehavior)

Gossip

Log Log

detect Log misbehavior

CA

slide-6
SLIDE 6

Log

Monitor Auditor Browser Website

[Cert] [SCT] Timestamps Everything STH STHx,STHy Consistency Proof STH,SCT I n c l u s i

  • n

P r

  • f

CA

Pre-cert or Cert SCT cert request cert chain + SCT SCTs HTTPS Traffic

Certificate Transparency (detect CA misbehavior)

Gossip

Log Log

detect Log misbehavior

CA

SCT+certs SCT+certs pollling?

  • SCT Feedback
slide-7
SLIDE 7

Log

Monitor Auditor Browser Website

[Cert] [SCT] Timestamps Everything STH STHx,STHy Consistency Proof STH,SCT I n c l u s i

  • n

P r

  • f

CA

Pre-cert or Cert SCT cert request cert chain + SCT SCTs HTTPS Traffic

Certificate Transparency (detect CA misbehavior)

Gossip

Log Log

detect Log misbehavior

CA

SCT+certs SCT+certs pollling?

  • SCT Feedback

STHs STHs

  • STH Pollination

STHs STHs

slide-8
SLIDE 8

Log

Monitor Auditor Browser Website

[Cert] [SCT] Timestamps Everything STH STHx,STHy Consistency Proof STH,SCT I n c l u s i

  • n

P r

  • f

CA

Pre-cert or Cert SCT cert request cert chain + SCT SCTs HTTPS Traffic

Certificate Transparency (detect CA misbehavior)

Gossip

Log Log

detect Log misbehavior

CA

SCT+certs SCT+certs pollling?

  • SCT Feedback

STHs STHs

  • STH Pollination

STHs STHs SCT+certs

  • Trusted Auditor