[Cryptography] The Trouble with Certificate Transparency

Tony Arcieri bascule at gmail.com
Sat Sep 27 17:14:23 EDT 2014


On Sat, Sep 27, 2014 at 1:58 PM, Greg <greg at kinostudios.com> wrote:

> What do you mean by "network partition"?
>
> Maybe this will help, go to Google's "How Log Proofs Work" page:
>
> http://www.certificate-transparency.org/log-proofs-work
>
> Look at the little green boxes that represent certificates.
>
> So, one of those green boxes will be a legitimate certificate, and the
> other will be the fraudulent one.
>
> Neither consistency nor audit proofs will let a client know whether or not
> the cert they're being shown is fraudulent or not, and that is even when
> both of them are in the same log (which they don't have to be).
>
> Gossip just sends the little red boxes between the server and the clients.
> They don't matter.
>

Nothing you just said has anything to do with the question at hand: what
happens when the latest tree in the log is incongruent with the old one.

I'd allege: CT should detect that and suggest something is amiss.

And, again, it's no different than Namecoin detecting a fork in the block
chain. What does Namecoin do in that case? What actionable information does
it present to the user?
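For readers following the thread: the check Tony is pointing at is the Merkle consistency proof between an old and a new tree head. The code below is an added illustration, not from the thread or from any CT implementation, written against the tree-hash and proof definitions in RFC 6962 (section 2.1) and the verification algorithm in RFC 9162 (section 2.1.4.2) with SHA-256; a client that holds an older tree head and receives a newer one plus a proof can tell whether the new tree extends the old one, and a log that has forked or rewritten history fails the check.

```python
import hashlib

def _h(data):
    return hashlib.sha256(data).digest()

def mth(leaves):
    """Merkle Tree Hash of a list of leaf inputs (RFC 6962 section 2.1)."""
    n = len(leaves)
    if n == 0:
        return _h(b"")
    if n == 1:
        return _h(b"\x00" + leaves[0])              # leaf prefix 0x00
    k = 1 << ((n - 1).bit_length() - 1)             # largest power of two < n
    return _h(b"\x01" + mth(leaves[:k]) + mth(leaves[k:]))  # node prefix 0x01

def consistency_proof(leaves, m):
    """PROOF(m, D[n]) per RFC 6962 section 2.1.2: shows D[m] is a prefix of D[n]."""
    def sub(m, d, b):
        n = len(d)
        if m == n:
            return [] if b else [mth(d)]
        k = 1 << ((n - 1).bit_length() - 1)
        if m <= k:
            return sub(m, d[:k], b) + [mth(d[k:])]
        return sub(m - k, d[k:], False) + [mth(d[:k])]
    return [] if m == len(leaves) else sub(m, leaves, True)

def verify_consistency(m, n, old_root, new_root, proof):
    """RFC 9162 section 2.1.4.2; False means the new head does not extend the old tree."""
    if m == n:
        return old_root == new_root and not proof
    if m & (m - 1) == 0:                            # m is a power of two
        proof = [old_root] + proof
    if not proof:
        return False
    fn, sn = m - 1, n - 1
    while fn & 1:                                   # skip shared low bits
        fn, sn = fn >> 1, sn >> 1
    fr = sr = proof[0]
    for c in proof[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:                      # c is a left sibling in both trees
            fr, sr = _h(b"\x01" + c + fr), _h(b"\x01" + c + sr)
            while not (fn & 1) and fn != 0:
                fn, sn = fn >> 1, sn >> 1
        else:                                       # c only extends the new tree
            sr = _h(b"\x01" + sr + c)
        fn, sn = fn >> 1, sn >> 1
    return fr == old_root and sr == new_root and sn == 0
```

A failed check is exactly the "something is amiss" signal: the client knows the log's current head is not a superset of the head it saw earlier, though by itself it does not say which of the two histories is the honest one.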