[Cryptography] [messaging] Gossip doesn't save Certificate Transparency

Phillip Hallam-Baker phill at hallambaker.com
Wed Oct 15 15:48:43 EDT 2014


On Sun, Sep 28, 2014 at 1:47 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Chris Palmer <snackypants at gmail.com> writes:
>
>>On Saturday, September 27, 2014, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>>> That's always puzzled me about CT, who is going to monitor these logs, and why
>>> would they bother?  This seems to be built from the same fallacy as "open-
>>> source code is more secure because lots of people will be auditing the code
>>> for security bugs".
>>
>>It's a simple matter of a shell script to scan logs for misissuance for names
>>you care about. Google certainly cares, EFF and other activist organizations,
>>PayPal, Facebook, ...
>
> So in other words it'll help the organisations who are already more or less
> covered by certificate pinning (except that CT does it in a really roundabout,
> complex manner rather than directly at the source as pinning does).
>
> Looking at what CT gives you, there seem to be three scenarios to cover:
>
> 1. Cert issued for Google or Paypal.
> 2. Cert issued for First Bank of Podunk.
> 3. Cert issued for www.verify-chase-credit-card.com.

CT gives me an infrastructure of notaries that I can use as the
starting point to hang useful stuff on. Think of it like the olympics.
No city wants the olympics, they are a pain. But if you want to have a
subway line built out from Boston to (say) Woburn it will take 50
years through incremental expansion of the green line. Stick the
olympic stadium in Woburn and construction has to be done inside a
five year window.

The big problem in PKI has always been revocation. The Diginotar event
would not have been half as bad if we could revoke the certs. The idea
of CT is to provide earlier notice that a CA has been breached and not
noticed, an event that has so far happened once in 20 years. But
without revocation it doesn't do much.

Fortunately, compressed CRLs solve the revocation problem. But to
apply our scheme you have to have a complete list of issued certs. So
CT is convenient.


More information about the cryptography mailing list