<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Sep 25, 2014 at 1:52 AM, Ralf Senderek <span dir="ltr"><<a href="mailto:crypto@senderek.ie" target="_blank" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=crypto@senderek.ie&cc=&bcc=&su=&body=','_blank');return false;">crypto@senderek.ie</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><br>
Given the powers of a post-snowden MITM, the claim in Greg's posting seems<br>
legitimate. At the moment when the browser makes the connection it is<br>
undetectable that the browser is being fooled, _unless_ the browser<br>
keeps track of the certificates it's visiting over time.<br>
<br>
Without this change in the browser any system that tries to verify a cert<br>
can be circumvented, not only CT. If the browser was able to check the<br>
cert (via CT log servers or other means) before the MITM comes into play<br>
there is the chance of detection of a targeted attack. The MITM could<br>
send the victim a forged revocation of the legitimate cert and send a<br>
forged follow-up cert for the targeted domain name, but even if the MITM<br>
is in possession of the CA private key of one of the many CAs in the<br>
trust chain, the browser will be able to detect that the new forged cert<br>
had been issued by a different CA. Discontinuity is the sign that<br>
something may be wrong here.<br>
<br>
I cannot see why CT alone will get us out of trouble.<br>
<br>
<br>
--ralf<br></blockquote><div><br></div><div>CT alone definitely won't get us out of trouble. But it removes, warns of, and deters a class of threats, and is deployable today, politically and technically. It's definitely far from perfect, but I think it represents progress.<div><br></div><div>I also don't think it competes with other more ambitious new architecture ideas like DNSChain, which I deeply admire and want to see gain adoption. I recognize that Greg feels that they do compete, but I think that CT can be seen as one incremental step on the road towards more fundamental change.</div><div><br></div><div>Ben Laurie made a mistake by devoting a paragraph to dismissing DNSChain and blockchain projects as religious. I think Greg makes a mistake by coming as close as he does to accusing Ben Laurie and Google of flat-out lying.</div><div><br></div><div>-- Eric</div></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
______________________________<u></u>_________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com" target="_blank" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=cryptography@metzdowd.com&cc=&bcc=&su=&body=','_blank');return false;">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/<u></u>mailman/listinfo/cryptography</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><a href="https://konklone.com" target="_blank">konklone.com</a> | <a href="https://twitter.com/konklone" target="_blank">@konklone</a><br></div></div>
</div></div>