[Cryptography] The Trouble with Certificate Transparency

Bear bear at sonic.net
Sat Sep 27 14:07:42 EDT 2014


On Sat, 2014-09-27 at 09:20 -0700, Tony Arcieri wrote:

> You can MitM the block chain just as easily:
> 
> 
> 1) Alice wants to register the name "alice" with a NameCoin-like
> system. Mallory wants to MitM her
> 2) Alice claims the name. Mallory intercepts her claim and produces a
> forked, poison block chain that contains the name "alice" with her
> key. Mallory registers the name "alice" with a poison key, and puts
> that in the "real" block chain
> 3) Bob tries to communicate with "alice" and looks up the poison data
> Mallory left in the block chain

But this fails because there is absolutely no way to prevent 
Alice from knowing that her key has not been accepted into the 
blockchain, nor from knowing that some other key is now 
associated with the name "alice".  Once Mallory has published 
his "alice" key, he has absolutely no way to get Alice to use 
it.

She will never publish the name "alice" as a correspondence 
address if the key associated with it by the blockchain is 
controlled by someone else.  And if she's the one Bob wants to
communicate with, Bob will be using the name she gave him.

			Bear






