Privacy analysis of the DNS-based protocol for obtaining inclusion proof

[Eran Messeri]

All,

We're soliciting feedback on the privacy implications of using the DNS-based protocol for obtaining inclusion proofs from mirrors of CT logs (link to protocol description).

I've attempted a privacy analysis, together with Daniel Kahn-Gillmor, Sara Dickinson, Melinda Shore, in the following document:

https://docs.google.com/document/d/1DY2OsrSJDzlRHY68EX1OwQ3sBIbvMrapQxvANrOE8zM/view

The goal is to get community feedback on the correctness and completeness of the analysis, so that the privacy implications aspect of the protocol is publicly reasoned about and documented, and each CT client (in particular User Agents) could make an informed choice on implementing the protocol.

Please comment on the trans IETF mailing list, not the document itself.

Thanks,

Eran