[Cryptography] The Trouble with Certificate Transparency

Greg greg at kinostudios.com
Sun Sep 28 18:27:07 EDT 2014


Dear Rich,

On Sep 28, 2014, at 2:52 PM, Salz, Rich <rsalz at akamai.com> wrote:

> Another interesting aspect of CT is that it significantly raises the cost of a CA to agree to an NSL. Imagine someone like Verisign is compelled to issue a bogus certificate, and that it is found out. Verisign is now stuck: either run the risk of violating the NSL and admitting what happened, or run the risk of having their CA removed from the browser's trust store, rendering ALL Verisign sites untrusted. In essence, the cost for compliance could be going out of business, which could be a pretty strong argument to make if appealing the order.  If CT does nothing else but make secret orders much**2 more difficult that seems a good thing.

In this particular example, there is a third option that is more likely to happen than either of the two you've presented: Verisign will say they were hacked, and that their private keys were used without their consent or knowledge.

The damage will have been done to the victims (who get no recourse), and the money and efforts to deploy CT will have been spent (and wasted, IMO).

Verisign is also but one small slice of the pie of potential malicious actors (see the diagrams in the blog post for a more complete picture).

Kind regards,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.
