my thoughts from today's meeting

Daniel Kahn Gillmor

Jan 29, 2016, 11:52:26 AM1/29/16
Some key points from today's call--

BT organization structure

It's possible that it will be better to structure b-t in a very
different way from CT. In CT, we've got a few logs that operate
separately from the cryptographic authorities (CAs in this case), and
lots of clients rely on many many CAs, and all the CAs already use the
same format (X.509) to produce their assertions.

In BT, most clients rely on only a few cryptographic authorities (their
software vendors), and the vendors use different formats to produce
their assertions.

So maybe the software vendor itself runs its own log, and instead of (or
in addition to) providing signatures over given files, it provides
inclusion proofs in its own log. Then peer software vendors can gossip
the STHs of each other's logs.

One opportunity that arises here is for multiple vendors to adopt the
same BT structure as each other, even though their current signature
formats and the things they sign differ.

This is a different kind of work than what we've been contemplating thus
far, but I think it might be easier to make headway.

Code-signing Architectures

Folks who do distributed code-signing need CT for their code-signing
certs, so that, for example, "The Tor Project" can know that no one else
is getting code-signing certs with the name "The Tor Project" in them.

The main groups who rely on this sort of multi-provenance code-signing
are Apple and Microsoft, though. We would probably need an internal
champion at those orgs to get traction.

Motivational notes

I now have even stronger reasons to think that there are people who are
making malicious signatures by abusing cryptographic signing keys in
secret. We should get something like this working to limit those
attack vectors.
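
As an added illustration of the log-per-vendor idea above (example code, not from the original post and not any vendor's implementation): a minimal RFC 6962-style Merkle log in which a vendor answers with inclusion proofs for released artefacts instead of (or alongside) detached signatures, the client-side verifier, and the gossip check peers would run over each other's STHs. The function names and the sample entries used in testing are assumptions.

```python
import hashlib

# Added example, not from the original thread: a minimal RFC 6962-style Merkle
# log as a software vendor might run for BT, plus the STH gossip check.

def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()  # CT leaf prefix 0x00

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # CT node prefix 0x01

def _split(n: int) -> int:  # largest power of two strictly less than n (n >= 2)
    return 1 << ((n - 1).bit_length() - 1)

def root_hash(leaves: list) -> bytes:  # leaves: non-empty list of log entries
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = _split(len(leaves))
    return node_hash(root_hash(leaves[:k]), root_hash(leaves[k:]))

def inclusion_proof(leaves: list, index: int) -> list:
    """Vendor side: audit path for leaves[index], sibling hashes from leaf to root."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [root_hash(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [root_hash(leaves[:k])]

def verify_inclusion(entry, index, tree_size, proof, root) -> bool:
    """Client side: rebuild the STH root from a leaf and its audit path."""
    h, fn, sn = leaf_hash(entry), index, tree_size - 1
    for sibling in proof:
        if sn == 0:
            return False  # proof is longer than the tree is deep
        if fn % 2 == 1 or fn == sn:
            h = node_hash(sibling, h)
            while fn % 2 == 0 and fn != 0:  # climb past levels we filled completely
                fn, sn = fn // 2, sn // 2
        else:
            h = node_hash(h, sibling)
        fn, sn = fn // 2, sn // 2
    return sn == 0 and h == root

def split_views(observed: dict) -> set:
    """Gossip: STHs (tree_size -> root) relayed by peers must agree per size."""
    seen = {}  # any size reported with two different roots is a split view
    return {s for sths in observed.values() for s, r in sths.items()
            if seen.setdefault(s, r) != r}
```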
