[Cryptography] The Trouble with Certificate Transparency

Greg greg at kinostudios.com
Sat Sep 27 21:04:50 EDT 2014


On Sep 27, 2014, at 5:23 PM, Theodore Ts'o <tytso at mit.edu> wrote:

> On Sat, Sep 27, 2014 at 03:15:25PM -0700, Greg wrote:
>> 
>> https://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/
> 
> I've looked at the blog entry, and compared it to the Certificate
> Transparency descriptions, and I believe that CT does add value.  Is
> it a silver bullet that solves all problems?  Of course not.
> 
> The fact that anyone can run a log, and a certificate (or TLS session)
> should include multiple SCT's, including some from trusted third-party
> log services, means that if a government agency wants to order a CA to
> issue a bogus cert via a NSL order, it would now need to send NSL's to
> N log services so they could also issue SCT's and create forked Merkle
> Hash Trees.

No, that is not true.

The SCTs in the certificate are the ones the MITM puts there.

They are not the ones you're thinking of (that whatever trustworthy entity chose).

- Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140927/08ad6032/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140927/08ad6032/attachment.sig>


More information about the cryptography mailing list