[Cryptography] [messaging] Gossip doesn't save Certificate Transparency

Jerry Leichter leichter at lrw.com
Fri Oct 17 07:32:43 EDT 2014

On Oct 15, 2014, at 8:18 PM, Bill Frantz <frantz at pwpconsult.com> wrote:
>>> Here I'm sitting, using my phone for Internet with a 2 gig limit before the charges start coming
>> in. I avoid 30MB downloads like the plague.
>> a)  Deltas will be tiny.  How often does a site need to change its keys?
>> b)  You never connect to WiFi?  Just how up-to-the-minute do you need your list of keys to be?
> If deltas are tiny, then there is much less of a problem.
Since we're talking specifically about size, keep in mind that my 30 meg estimate was deliberately on the high side, assuming 100,000 RSA keys and uncompressed site names.  If you use ECC, compressed site names, and let those for whom size is a major issue use a shorter list, the file could be dramatically smaller,

> If a site can continue to use its old key while phasing in a new one, then if I can select the old key I can wait until I get to an area of high bandwidth/cheap bandwidth before updating the keys.
Keep in mind that for this to work there needs to be a proper key rollover procedure.  Presumably the site will send you its new key signed with its old one, which you'll normally accept if your copy of the old key is recent enough.  That doesn't handle revocation in the case of key compromise - but that's impossible without real-time validation of keys, which (a) is an independent issue that's the same whether we are talking certs or keys; (b) comes with its own bag of problems.

> If, on the other hand, it all happens "automagically" in the background, I may buy a big bill with out knowing it. I have this problem with auto-download of replacement phone software. That download takes about an hour on DSL. I don't know what it will do to my cell phone bill, which is why I have the system set to download only on command.
A decent implementation would need to allow you to control this.  It's not hard.  (In fact, in iOS the ability to use cellular data is directly controllable on an app by app basis through the OS, exactly to deal with this kind of thing.  I don't know if recent versions of Android provide the same capability.)

>>> At home, with "unlimited" (i.e. how much bandwidth does DSL have anyway), I would feel differently.
>> I also have friends with only dialup, and they will indeed feel very differently from me.
>> What modern web sites are they looking at over dialup?
> I have no idea, but I could see them doing banking.
I stopped thinking of dialup as a significant constraint when by wife's parents finally, after complaining for years about how "they take away the stuff you use and make you pay more", finally dropped their AOL dialup account and got their Internet through the cable provider they were paying for anyway.  One bases one's views on personal experience, I guess.  

The most recent statistic for the US that I was able to find in a quick search was a Pew survey done in May 2013, at which time 3% of users used dialup for Internet access from home - a percentage that hadn't changed since an August 2011 survey, even as broadband usage grew from 62% to 70%.  Having seen - even a couple of years back - just how limited a view of the Internet dialup provides today, I wouldn't worry very much about how to provide crypto updates to that remaining population.  What they need much more is better access.

>> At some point, one has to move on and stop supporting IE6 :-).  Should we also worry about people still using 2400 baud modems?
> Well, I think there will always be people with poor connectivity. I think we should make it possibile for them to enjoy as much of the online world as possible. We probably can't show them movies, but email and text messaging are low bandwidth. Some level of web browsing is also possible, limited by their patients.
> How do you think we should treat them?
I don't see any particular responsibility on anyone's part to adjust things to an obsolete least-common-denominator.

Back in the 1970's, I designed protocols that had to run in Europe over X.25.  The European PTT's at the time had a complete monopoly on any communications infrastructure that cross public space.  If you had two buildings on opposite sides of a road, you couldn't run a wire between them - you had to use the PTT and X.25.  X.25 was charged by the packet - I think 128 bytes.  Send a one-byte ACK - pay for a packet.  And that packet did not come cheap.  Designing for this environment was crippling.  Imagine if the designers of IP had been told that it had to work - at "reasonable cost" - over X.25.

Times change.  Technology changes.  Yes, people get left behind unless they are in a position to upgrade.  The US continues to have massive fraud problems with credit cards because we refused for so long to move off of magnetic stripe technology:  Just think of the cost of replacing all those POS systems!  Even now, we're doing a half-way move to chip-and-signature, which is only a small improvement over chip-and-pin - but does a better job of keeping all those "legacy" players going.

More information about the cryptography mailing list