[Cryptography] The Trouble with Certificate Transparency
James A. Donald
jamesd at echeque.com
Sat Sep 27 21:22:11 EDT 2014
On 2014-09-26 05:15, Eric Mill wrote:
> On Thu, Sep 25, 2014 at 1:52 AM, Ralf Senderek <crypto at senderek.ie> wrote:
>
> Given the powers of a post-snowden MITM, the claim in Greg's posting
> seems legitimate. At the moment when the browser makes the connection it is
> undetectable that the browser is being fooled, _unless_ the browser
> keeps track of the certificates it's visiting over time.

At the moment the browser makes the connection, it is told that the
current root hash for all certificates at the current time is X. It
receives a signed statement that X is the root hash for the current
period, and a hash path leading from the certificate to the root hash.
So, if browser deceived, only the entity signing the root hash can
deceive it.

Later, the browser contacts one of the entities that monitor the
entities signing the root hash.

If the signed assurance it has received is inconsistent with the global
root hash that the monitor has received, the monitor will have proof that
the entity signing the root hash is unreliable - the monitor will have
two inconsistent signed statements as to the condition of the global
root hash.

And pretty soon, that entity is discredited.

So, by and by, only reliable entities sign the global root hash.

To be an entity accepted to sign the global root hash, have to be
monitored by several monitoring entities, who also monitor each other.

If accepted for any length of time, then not making mutually
contradictory signatures of the global root hash.

If not making mutually contradictory signatures of the global root hash,
then a hash path from an assertion containing information about a
globally unique name, to the global root hash, such as an assertion
about the public keys controlled by the rightful owner of that name is
proof that everyone, including the owner of that name, sees the same
information.
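
The mechanism this message describes (a signed root hash, a hash path from one assertion to that root, and a monitor holding two inconsistent signed statements), as an added example that is not part of the original post. The SHA-256 tree with 0x00/0x01 prefixes, the HMAC standing in for a real public-key signature, and the key, period and sample assertions are all constructed assumptions.

```python
import hashlib, hmac

def leaf_hash(d): return hashlib.sha256(b"\x00" + d).digest()
def node_hash(l, r): return hashlib.sha256(b"\x01" + l + r).digest()

def build_levels(leaves):
    # Assumes a power-of-two number of leaves; levels[-1][0] is the root hash.
    levels = [[leaf_hash(x) for x in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def hash_path(levels, index):
    # Sibling hashes from leaf to root, each flagged if it sits on the left.
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], bool(index & 1)))
        index //= 2
    return path

def root_from_path(leaf, path):
    acc = leaf_hash(leaf)
    for sib, sib_is_left in path:
        acc = node_hash(sib, acc) if sib_is_left else node_hash(acc, sib)
    return acc

def sign(key, period, root):
    # HMAC is a stand-in for a public-key signature (assumption, stdlib only).
    tag = hmac.new(key, period.encode() + b"|" + root, hashlib.sha256).digest()
    return (period, root, tag)

def valid(key, stmt):
    return hmac.compare_digest(stmt[2], sign(key, stmt[0], stmt[1])[2])

def browser_accepts(key, stmt, leaf, path):
    # What the browser can check at connection time: signature plus hash path.
    return valid(key, stmt) and root_from_path(leaf, path) == stmt[1]

def equivocation(key, a, b):
    # Proof of misbehaviour: two valid statements, same period, different roots.
    return valid(key, a) and valid(key, b) and a[0] == b[0] and a[1] != b[1]

# Constructed sample data: an honest view and a forked view shown to one browser.
KEY = b"constructed-signer-key"
HONEST = [b"example.org key=A", b"example.net key=B", b"example.com key=C", b"example.edu key=D"]
FORKED = [b"example.org key=MITM"] + HONEST[1:]
HL, FL = build_levels(HONEST), build_levels(FORKED)
S_HONEST = sign(KEY, "2014-09-27", HL[-1][0])
S_FORKED = sign(KEY, "2014-09-27", FL[-1][0])
print(browser_accepts(KEY, S_FORKED, FORKED[0], hash_path(FL, 0)), equivocation(KEY, S_FORKED, S_HONEST))
```

The forked statement passes the browser's check on its own; it is only when the monitor sets it beside the statement it received for the same period that the contradiction becomes provable.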