[Cryptography] The Trouble with Certificate Transparency
Bear
bear at sonic.net
Sat Sep 27 14:07:42 EDT 2014
On Sat, 2014-09-27 at 09:20 -0700, Tony Arcieri wrote:
> You can MitM the block chain just as easily:
>
>
> 1) Alice wants to register the name "alice" with a NameCoin like
> system. Mallory wants to MitM her
> 2) Alice claims the name. Mallory intercepts her claim and produces a
> forked, poison block chain that contains the name "alice" with her
> key. Mallory registers the name "alice" with a poison key, and puts
> that in the "real" block chain
> 3) Bob tries to communicate with "alice" and looks up the poison data
> Mallory left in the block chain
But this fails because there is absolutely no way to prevent
Alice from knowing that her key has not been accepted into the
blockchain, nor from knowing that some other key is now
associated with the name "alice". Once Mallory has published
his "alice" key, he has absolutely no way to get Alice to use
it.
She will never publish the name "alice" as a correspondence
address if the key associated with it by the blockchain is
controlled by someone else. And if she's the one Bob wants to
communicate with, Bob will be using the name she gave him.
Bear
More information about the cryptography
mailing list