[Cryptography] The Trouble with Certificate Transparency

Greg greg at kinostudios.com
Sat Sep 27 16:16:10 EDT 2014


On Sep 27, 2014, at 12:49 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Sat, Sep 27, 2014 at 12:16 PM, Greg <greg at kinostudios.com> wrote:
> As explained in several places now, it does not provide any such guarantees
> 
> You're saying a system based on Merkle trees won't detect incongruences in the trees?

That's not what I'm saying at all.

I'm saying their trees work like Merkle trees are supposed to work, and that none of their proofs detect mis-issued certificates.

The two certs (legit and false) will happily live side-by-side in the tree undetected by the gossip protocol.

Cheers,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.
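
The following is an added example, not part of the original message or of any CT implementation. It builds a small Merkle log with RFC 6962-style hashing in which two entries for the same name, from different issuers, both pass inclusion-proof verification; only a separate scan of the entries singles out the second one. The `domain|issuer|serial` entries, the CA names and the `unexpected_issuers` helper are constructed for illustration.

```python
import hashlib

def leaf_hash(entry):                      # RFC 6962: leaves are prefixed with 0x00
    return hashlib.sha256(b"\x00" + entry).digest()
def node_hash(left, right):                # RFC 6962: interior nodes use prefix 0x01
    return hashlib.sha256(b"\x01" + left + right).digest()

def split(n):                              # largest power of two strictly below n (n >= 2)
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_hash(hashes):
    if len(hashes) == 1:
        return hashes[0]
    k = split(len(hashes))
    return node_hash(tree_hash(hashes[:k]), tree_hash(hashes[k:]))

def audit_path(m, hashes):
    """Sibling hashes needed to walk from leaf m up to the root."""
    if len(hashes) == 1:
        return []
    k = split(len(hashes))
    if m < k:
        return audit_path(m, hashes[:k]) + [tree_hash(hashes[k:])]
    return audit_path(m - k, hashes[k:]) + [tree_hash(hashes[:k])]

def root_from_path(h, m, n, path):
    """Recompute the root from leaf hash h at index m in a tree of n leaves."""
    if n == 1:
        return h
    k = split(n)
    if m < k:
        return node_hash(root_from_path(h, m, k, path[:-1]), path[-1])
    return node_hash(path[-1], root_from_path(h, m - k, n - k, path[:-1]))

def unexpected_issuers(log, domain, expected):
    """Monitor-style scan: entries for `domain` whose issuer is not `expected`."""
    return [e for e in log if e.split(b"|")[0] == domain and e.split(b"|")[1] != expected]

# Constructed log entries (domain|issuer|serial), not real certificates.
LOG = [b"a.test|CA-A|01", b"example.test|CA-A|02", b"b.test|CA-B|03",
       b"example.test|CA-B|04", b"c.test|CA-A|05"]
HASHES = [leaf_hash(e) for e in LOG]
ROOT = tree_hash(HASHES)

def inclusion_ok(i):
    return root_from_path(HASHES[i], i, len(LOG), audit_path(i, HASHES)) == ROOT
```

`inclusion_ok(1)` and `inclusion_ok(3)` are both true, since the proof only covers membership in the tree; `unexpected_issuers(LOG, b"example.test", b"CA-A")` is the step that compares the entries against what the name's owner expects.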
