[Cryptography] End to end

Ben Laurie ben at links.org
Mon Sep 16 15:14:54 EDT 2013


On 16 September 2013 18:49, Phillip Hallam-Baker <hallam at gmail.com> wrote:

> To me the important thing about transparency is that it is possible for
> anyone to audit the key signing process from publicly available
> information. Doing the audit at the relying party end prior to every
> reliance seems a lower priority.
>

This is a fair point, and we could certainly add on to CT a capability to
post-check the presence of a pre-CT certificate in a log.


> In particular, there are some type of audit that I don't think it is
> feasible to do in the endpoint. The validity of a CT audit is only as good
> as your newest notary timestamp value. It is really hard to guarantee that
> the endpoint is not being spoofed by a PRISM capable adversary without
> going to techniques like quorate checking which I think are completely
> practical in a specialized tracker but impractical to do in an iPhone or
> any other device likely to spend much time turned off or otherwise
> disconnected from the network.
>

I think the important point is that even infrequently connected devices can
_eventually_ reveal the subterfuge.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130916/d8112f2e/attachment.html>


More information about the cryptography mailing list