[Cryptography] The Trouble with Certificate Transparency

Dmitry Belyavsky beldmit at gmail.com
Thu Sep 25 08:42:01 EDT 2014


Hello Greg,

I'm sorry, I did not understand the idea of providing different trees and
proofs to different parties.

If I understand correctly, it should be prevented by Auditors and the
gossip protocol (yes, I understand it is not specified in fact). Auditors
and gossip protocol are designed for solving precisely this case.
The other possibility is that the Merkle tree is not neither append-only
nor verifiable.

We should have an perfect MITM that can intercept all the communications by
the victim and her/his software to turn this scenario into real life.

And, BTW, if we ask for more than one SCT in the cert as Ben does, the
attack becomes much more difficult even for the perfect MITM.

Thank you!


On Wed, Sep 24, 2014 at 10:14 PM, Greg <greg at kinostudios.com> wrote:

> This post shows how undetected MITM attacks still remain possible even if
> Certificate Transparency (CT) becomes widely deployed.
>
> Many thanks go to Zaki (@zmanian), Simon (@simondlr) and others to
> reviewing it prior to publication:
>
>
> http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/
>
> Kind regards,
> Greg
>
> --
> Please do not email me anything that you are not comfortable also sharing with
> the NSA.
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>



-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140925/c6f37f53/attachment.html>


More information about the cryptography mailing list