[Cryptography] The Trouble with Certificate Transparency

Ralph Holz ralph-cryptometzger at ralphholz.de
Thu Sep 25 16:41:49 EDT 2014


Hi,

>> That is not what CT is for. CT is meant to detect (and prove) CAs
>> misissuing certificates.
> 
> And that is the problem. In the above scenario it does not help to be
> able to detect the misuse after successfully being MITMed. Protection
> against a MITM by use of certs must work when the act of misuse
> happens or the damage is done already.

CT was designed to make attacks like DigiNotar near impossible - by
detecting and containing the attack fast, but post-fact. That was before
the NSA became the attacker everyone is concerned about. CT is about
transparency.

The crucial point for CT to work is the existence of monitors and
auditors, and a certain number of logs.

CT solves attack detection quite neatly - even against a strong global
attacker.

CT also provides quite some level of protection for clients - if
multiple SCTs are used, and monitoring, auditing and finally gossiping
are in place.

You may argue that is not much, but I think it's better than many other
concepts. Personally, I like key pinning as an extremely strong way to
prevent further attacks.

Ralph


