[Cryptography] The Trouble with Certificate Transparency

Watson Ladd watsonbladd at gmail.com
Fri Sep 26 23:34:15 EDT 2014


On Fri, Sep 26, 2014 at 8:07 PM, Tony Arcieri <bascule at gmail.com> wrote:
> On Fri, Sep 26, 2014 at 6:34 PM, Greg <greg at kinostudios.com> wrote:
>>
>> We've already acknowledged on Twitter [1] the fact that this class of
>> attack does not work on blockchains and DNSChain.
>
>
> Hi Greg,
>
> You're wrong, and here's why.
>
> In the James Mickens security scale of "Not Mossad" to "Mossad", your attack
> falls into the class of "Mossad".

Funny, I didn't realize that Israeli intelligence was involved in
DigiNotar or TurkTrust. And if the CAs run the logs, we can expect
that they will be vulnerable to the same bugs as the CA, as people
will use the same sort of systems. It's not an unreasonable question
to ask: what if both trusted people are the same?

Sincerely,
Watson
>
> Here's the problem with that: you lose. The end.
>
> --
> Tony Arcieri
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin

