[Cryptography] The Trouble with Certificate Transparency

[Greg]

On Sep 27, 2014, at 11:52 AM, Tony Arcieri <bascule at gmail.com> wrote:

> On Sat, Sep 27, 2014 at 11:07 AM, Bear <bear at sonic.net> wrote:
> Once Mallory has published his "alice" key, he has absolutely no way to get Alice to use it.
> 
> This is a *naming* system. Other people are trying to map a name to a key, not the other way around. Mallory is trying to trick other people who are trying to talk to alice into using the wrong key, while making it appear to Alice that the correct key is published.
> 
> Meanwhile a MitM can show Alice a forked block chain where her key appears legitimate, and in the process poison any new entries which are added to the block chain with MitMed keys.

There is only a tiny window where this could happen, making it unlikely to happen in the first place.

That window is before Alice has registered her name in the blockchain.

The attacker would have to somehow anticipate the instant when Alice goes to register her name or domain name in the blockchain and replace it with a fake one, while showing Alice the one Mallory created in the fake fork, and then doing that for perpetuity, following Alice as she goes from Wifi to Wifi, and still Alice will likely detect the attack as per the previous discussion.

Completely. Different.

Kind regards,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140927/b0b10835/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140927/b0b10835/attachment.sig>