[Cryptography] The Trouble with Certificate Transparency

Eric Mill eric at konklone.com
Thu Sep 25 15:15:15 EDT 2014


On Thu, Sep 25, 2014 at 1:52 AM, Ralf Senderek <crypto at senderek.ie> wrote:

>
> Given the powers of a post-Snowden MITM, the claim in Greg's posting seems
> legitimate. At the moment when the browser makes the connection it is
> undetectable that the browser is being fooled, _unless_ the browser
> keeps track of the certificates it's visiting over time.
>
> Without this change in the browser any system that tries to verify a cert
> can be circumvented, not only CT. If the browser was able to check the
> cert (via CT log servers or other means) before the MITM comes into play
> there is the chance of detection of a targeted attack. The MITM could
> send the victim a forged revocation of the legitimate cert and send a
> forged follow-up cert for the targeted domain name, but even if the MITM
> is in possession of the CA private key of one of the many CAs in the
> trust chain, the browser will be able to detect that the new forged cert
> had been issued by a different CA. Discontinuity is the sign that
> something may be wrong here.
>
> I cannot see why CT alone will get us out of trouble.
>
>
>      --ralf
>

CT alone definitely won't get us out of trouble. But it removes, warns of,
and deters a class of threats, and is deployable today, politically and
technically. It's definitely far from perfect, but I think it represents
progress.

I also don't think it competes with other more ambitious new architecture
ideas like DNSChain, which I deeply admire and want to see gain adoption. I
recognize that Greg feels that they do compete, but I think that CT can be
seen as one incremental step on the road towards more fundamental change.

Ben Laurie made a mistake by devoting a paragraph to dismissing DNSChain
and blockchain projects as religious. I think Greg makes a mistake by
coming as close as he does to accusing Ben Laurie and Google of flat-out
lying.

-- Eric


> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>



-- 
konklone.com | @konklone <https://twitter.com/konklone>
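The browser-side continuity check Ralf describes in the quoted message (remember what a site presented before, and treat a follow-up certificate signed by a different CA as a sign of trouble, even if a revocation of the old certificate arrived first) is sketched below as an added example. It is not code from this thread or from any browser; the host name, issuer names and key bytes are constructed placeholders, and the rule that an issuer change is the only hard warning is an assumption chosen to match the argument above.

```python
"""
Minimal certificate-continuity tracker (trust-on-first-use plus history).

Added example, not code from the mailing-list thread. Every observation fed
to it below is constructed: the host, the issuer DNs and the SPKI bytes are
placeholders, not real certificates.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class Observation:
    host: str
    issuer: str   # issuer DN of the CA that signed the leaf
    spki: bytes   # DER SubjectPublicKeyInfo of the leaf (constructed here)

    @property
    def spki_fingerprint(self) -> str:
        return hashlib.sha256(self.spki).hexdigest()


@dataclass
class Verdict:
    status: str   # first_seen | unchanged | key_rotated | issuer_changed
    detail: str


class ContinuityTracker:
    """Keeps the last certificate seen per host and classifies each new one."""

    def __init__(self) -> None:
        self._last: dict[str, Observation] = {}
        self._revoked: set[str] = set()   # hosts with a pending revocation notice

    def note_revocation(self, host: str) -> None:
        # A revocation (genuine or forged by the MITM) does not erase history;
        # it only annotates whatever comes next for this host.
        self._revoked.add(host)

    def observe(self, obs: Observation) -> Verdict:
        prior = self._last.get(obs.host)
        after_revocation = obs.host in self._revoked
        self._revoked.discard(obs.host)
        self._last[obs.host] = obs

        if prior is None:
            return Verdict("first_seen", "no history for host; trusting on first use")

        if prior.issuer != obs.issuer:
            # The discontinuity Ralf points at: a new cert from a different CA.
            # A preceding revocation makes it look legitimate, so say so.
            note = " after a revocation notice" if after_revocation else ""
            return Verdict(
                "issuer_changed",
                f"issuer changed from {prior.issuer!r} to {obs.issuer!r}{note}",
            )

        if prior.spki_fingerprint != obs.spki_fingerprint:
            # Same CA, new key: ordinary rotation, worth logging but not alarming.
            return Verdict("key_rotated", "same issuer, new public key")

        return Verdict("unchanged", "same issuer and same public key")


def demo() -> list[str]:
    """Replays the attack scenario from the thread against one host."""
    t = ContinuityTracker()
    host = "example.test"   # constructed host name
    steps = [
        Observation(host, "CN=CA One", b"constructed-key-A"),
        Observation(host, "CN=CA One", b"constructed-key-A"),
        Observation(host, "CN=CA One", b"constructed-key-B"),   # normal rotation
    ]
    statuses = [t.observe(o).status for o in steps]
    t.note_revocation(host)                                      # MITM forges a revocation
    statuses.append(t.observe(Observation(host, "CN=CA Two", b"constructed-key-C")).status)
    return statuses


if __name__ == "__main__":
    for s in demo():
        print(s)
```

The tracker only ever compares against what it has already seen, so it cannot help on the very first connection (the `first_seen` case); that is exactly the gap the CT log lookup in the discussion is meant to cover.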

