[Cryptography] The Trouble with Certificate Transparency
Theodore Ts'o
tytso at mit.edu
Sat Sep 27 22:31:31 EDT 2014
On Sat, Sep 27, 2014 at 06:44:29PM -0700, Greg wrote:
>
> Ah yes, I see what you mean now, thank you for clarifying. This
> doesn't really fix the problem, but it might make life more
> difficult for everyone (including the MITM, and those who are trying
> to use CT legitimately).
I don't see why using multiple SCT's from different legal
jurisdictions is a terribly onerous thing. But I'm glad you agree
that it does clearly make life harder for the MITM attacker.
But if we set aside NSL's for a moment, consider the scenario of what
happened with Diginotar, where either Iran or the NSA (depending which
theory you subscribe to) hacked into Dutch CA --- no NSL was used, nor
would an NSL have worked, since Diginotar was based in Holland.
If we were using CT, and required SCT's from multiple entities, then
Iran (or the NSA) would have had to compromise multiple log service
entities in order to surreptitiously carry out a pervasive monitoring
attack, instead of just needing to compromise a single, apparently
badly run, CA.
- Ted
P.S. I am making no claims about how well or poorly other CA's might
be run by that last statement. :-)
More information about the cryptography
mailing list