[Cryptography] The Trouble with Certificate Transparency
Greg
greg at kinostudios.com
Fri Sep 26 22:06:54 EDT 2014
Dear Dmitry,
Thank you for the reply.
On Sep 25, 2014, at 6:40 AM, Dmitry Belyavsky <beldmit at gmail.com> wrote:
> If I understand correctly, it should be prevented by Auditors and the gossip protocol (yes, I understand it is not specified in fact). Auditors and gossip protocol are designed for solving precisely this case.
Well, please reply with the details of gossip.
This blog post was simply a more formal way of restating an email I'd brought up on [trans] back in May.
I pointed out back then that gossip was essential if this attack is to have any hope of being detected, and I am still waiting for those details.
> And, BTW, if we ask for more than one SCT in the cert as Ben does, the attack becomes much more difficult even for the perfect MITM.
Define "much more"? If we're dealing with "the perfect MITM", they might own one of the CAs, and then only need to send an NSL to another (or hack another). Not too difficult for "the perfect MITM".
Kind regards,
Greg Slepak
P.S. Feel free to pick a list you'd like to restrict this conversation to, as we're currently replying on both [Cryptography] and [therightkey]. Just let me know which one you'd like to stick with.
--
Please do not email me anything that you are not comfortable also sharing with the NSA.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140926/dd63f976/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140926/dd63f976/attachment.sig>
More information about the cryptography
mailing list