<div dir="ltr">Hello Greg,<div><br></div><div>I'm sorry, I did not understand the idea of providing different trees and proofs to different parties. </div><div><br></div><div>If I understand correctly, it should be prevented by Auditors and the gossip protocol (yes, I understand it is not specified in fact). Auditors and gossip protocol are designed for solving precisely this case.</div><div>The other possibility is that the Merkle tree is not neither append-only nor verifiable. </div><div><br></div><div>We should have an perfect MITM that can intercept all the communications by the victim and her/his software to turn this scenario into real life. </div><div><br></div><div>And, BTW, if we ask for more than one SCT in the cert as Ben does, the attack becomes much more difficult even for the perfect MITM. </div><div><br></div><div>Thank you!</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 24, 2014 at 10:14 PM, Greg <span dir="ltr"><<a href="mailto:greg@kinostudios.com" target="_blank">greg@kinostudios.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div>This post shows how undetected MITM attacks still remain possible even if Certificate Transparency (CT) becomes widely deployed.</div><span class=""><div><br></div><div>Many thanks go to Zaki (@zmanian), Simon (@simondlr) and others to reviewing it prior to publication:</div><div><br></div><div><a href="http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/" target="_blank">http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/</a></div><div><br></div><div>Kind regards,</div><div>Greg</div><div>
<br><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">--</span><br style="color:rgb(0,0,0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">Please do not email me anything that you are not comfortable also sharing</span><span style="color:rgb(0,0,0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none"> with the NSA.</span>
</div>
<br></span></div><br>_______________________________________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>SY, Dmitry Belyavsky
</div>