[Cryptography] The Trouble with Certificate Transparency

Ralf Senderek crypto at senderek.ie
Thu Sep 25 04:52:51 EDT 2014


Given the powers of a post-Snowden MITM, the claim in Greg's posting seems
legitimate. At the moment when the browser makes the connection it is
undetectable that the browser is being fooled, _unless_ the browser
keeps track of the certificates it's visiting over time.

Without this change in the browser any system that tries to verify a cert
can be circumvented, not only CT. If the browser were able to check the
cert (via CT log servers or other means) before the MITM comes into play
there is the chance of detection of a targeted attack. The MITM could
send the victim a forged revocation of the legitimate cert and send a
forged follow-up cert for the targeted domain name, but even if the MITM
is in possession of the CA private key of one of the many CAs in the
trust chain, the browser will be able to detect that the new forged cert
had been issued by a different CA. Discontinuity is the sign that
something may be wrong here.

I cannot see why CT alone will get us out of trouble.


      --ralf
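
The continuity check described in the message above, as an added example that is not part of the original post: a client-side store remembers which issuer and key each host presented and flags a certificate from a CA never seen for that host. The class name, verdict strings, issuer names and key bytes are hypothetical and constructed for illustration.

```python
import hashlib


class ContinuityStore:
    """Per-host memory of certificates seen (hypothetical helper, not a browser API)."""

    def __init__(self):
        self._seen = {}  # host -> list of (issuer, key fingerprint) already accepted

    def check(self, host, issuer, public_key_bytes):
        """Compare the presented cert with this host's history and return a verdict."""
        fp = hashlib.sha256(public_key_bytes).hexdigest()
        history = self._seen.setdefault(host, [])
        if not history:
            history.append((issuer, fp))   # trust on first use: nothing to compare with
            return "first-visit"
        if (issuer, fp) in history:
            return "known"
        if issuer in {seen_issuer for seen_issuer, _ in history}:
            history.append((issuer, fp))   # new key, same CA as before: routine renewal
            return "rekeyed-same-issuer"
        # A CA never seen for this host. Not recorded, so the warning repeats
        # until someone explicitly accepts the change via accept().
        return "issuer-changed"

    def accept(self, host, issuer, public_key_bytes):
        """Record a change that was verified out of band (e.g. the site switched CA)."""
        fp = hashlib.sha256(public_key_bytes).hexdigest()
        self._seen.setdefault(host, []).append((issuer, fp))


def demo():
    # Constructed sample data: issuer names and key bytes are placeholders.
    store = ContinuityStore()
    visits = [
        ("example.org", "CN=CA One", b"site-key-2013"),
        ("example.org", "CN=CA One", b"site-key-2013"),
        ("example.org", "CN=CA One", b"site-key-2014"),
        ("example.org", "CN=CA Two", b"other-key"),
        ("example.org", "CN=CA Two", b"other-key"),
    ]
    return [store.check(*v) for v in visits]


if __name__ == "__main__":
    print(demo())
```

A new certificate from the CA the host already uses is treated as a routine rekey, so this sketch only covers the different-CA discontinuity the message describes.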

