[Cryptography] The Trouble with Certificate Transparency

Greg greg at kinostudios.com
Sat Sep 27 18:49:20 EDT 2014 

On Sep 27, 2014, at 3:31 PM, Paul Wouters <paul at cypherpunks.ca> wrote:

> On Sat, 27 Sep 2014, Greg wrote:
> 
>> The two certs (legit and false) will happily live side-by-side in the tree undetected by the gossip protocol.
> 
> That's why clients reporting a cert change to the TLS server is a very
> useful tool. Once you are no longer MITM'ed and see a different cert,
> you inform the legitimate owner that something bad happened. So it
> becomes obvious to everyone without needing to monitor "1000s of logs",
> because the owners will automatically collect rogue certs for
> investigation.

OK, interesting, that I haven't seen before in any CT documentation.

If that's how it worked then the MITM would need to consistently filter all traffic to hide those reports back to the server (they'd end up needing to perpetually MITM in other words). That would be difficult to do.

Is there any documentation on the details of this? This could be done for today's TLS actually and would be useful.

I suspect this might go up against Laurie's "Must be fast" criteria though, as it would add more overhead to each TLS connection.

> For important domains (defined by the user, for example by "having been
> there once before") it can simply insist on rejecting every cert change
> that has not been validated by a handful of indepedant logs.

What do you mean by "validated by a handful of independent logs", could you elaborate on that? What part of CT is that in reference to?

Kind regards,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140927/741336fd/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140927/741336fd/attachment.sig>

More information about the cryptography mailing list