[Cryptography] The Trouble with Certificate Transparency

Theodore Ts'o tytso at mit.edu
Sun Sep 28 20:03:13 EDT 2014


On Sun, Sep 28, 2014 at 03:27:07PM -0700, Greg wrote:
> 
> Verisign is also but one small slice of the pie of potential
> malicious actors (see the diagrams in the blog post for a more
> complete picture).

If *everyone* is out to get you, there's very little CT or
anything based on traditional x.509 certificates can do, short of
exchanging keys PGP style in person, and maybe using PGP certificates
in a very tiny web of trust.

So if your threat model is one where everyone is out to get you, yes,
it's hopeless.

The whole point of something like CT is to expand the number of actors
that have to be malicious, and hopefully expanding the required set of
actors that have to be subverted by a National Security Letter to such
a point where the pervasive monitoring can no longer be a secret
(because someone will leak it), or hopefully, that at least some of
the required actors will be beyond the reach of an NSL.

And yes, it will be much harder to stop the US Government than the
Iranian Secret Police.  But CT deployed correctly can almost certainly
stop the latter trying to perpetrate a Diginotar-style attack, and
hopefully slow down the former so that the difficulty is at least as
hard as doing a targeted black bag job on the target's hardware.

Cheers,

						- Ted
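The mechanism behind Ted's argument, as an added worked example (not part of his message, and not code from any CT log or browser): a toy append-only log built as an RFC 6962-style Merkle tree, an inclusion proof that a client can check against the log's root, and an independent monitor that watches the log for certificates naming a domain it cares about. The point it illustrates is the one in the message: once a certificate must be logged before a browser trusts it, a DigiNotar-style mis-issuance is no longer a private act between a CA and an attacker, because the log operator and every monitor also see it. The `Entry` type, the `Trusted CA A` / `Rogue CA` issuer names and the domains are constructed sample data; consistency proofs (the append-only check between two log sizes) are omitted for brevity.

```python
"""Toy Certificate Transparency log: RFC 6962-style Merkle tree, inclusion
proofs, and a domain monitor. Added example; constructed sample data."""
import hashlib
from dataclasses import dataclass


def _hash_leaf(data: bytes) -> bytes:
    # RFC 6962 leaf hash: SHA-256(0x00 || data); the domain separator keeps
    # a leaf from ever colliding with an interior node
    return hashlib.sha256(b"\x00" + data).digest()


def _hash_node(left: bytes, right: bytes) -> bytes:
    # RFC 6962 interior node hash: SHA-256(0x01 || left || right)
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split_point(n: int) -> int:
    # Largest power of two strictly less than n (RFC 6962 tree shape)
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: list[bytes]) -> bytes:
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return _hash_leaf(leaves[0])
    k = _split_point(len(leaves))
    return _hash_node(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: list[bytes], index: int) -> list[bytes]:
    # Sibling hashes ordered from the leaf up to the root
    if len(leaves) == 1:
        return []
    k = _split_point(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]


def _root_from_proof(leaf_hash: bytes, index: int, size: int, proof: list[bytes]) -> bytes:
    # Mirrors inclusion_proof: the last proof element is the top-level sibling
    if size == 1:
        return leaf_hash if not proof else b""  # leftover elements: malformed proof
    k = _split_point(size)
    sibling, rest = proof[-1], proof[:-1]
    if index < k:
        return _hash_node(_root_from_proof(leaf_hash, index, k, rest), sibling)
    return _hash_node(sibling, _root_from_proof(leaf_hash, index - k, size - k, rest))


def verify_inclusion(leaf: bytes, index: int, size: int, proof: list[bytes], root: bytes) -> bool:
    """What a browser checks: this exact leaf sits at `index` in a tree of
    `size` leaves whose root the log signed."""
    if not proof and size != 1:
        return False
    return _root_from_proof(_hash_leaf(leaf), index, size, proof) == root


@dataclass(frozen=True)
class Entry:
    domain: str   # hypothetical stand-in for the certificate's subject
    issuer: str   # hypothetical stand-in for the issuing CA

    def encode(self) -> bytes:
        return f"{self.domain}|{self.issuer}".encode()


class ToyLog:
    def __init__(self) -> None:
        self.entries: list[Entry] = []

    def append(self, entry: Entry) -> int:
        self.entries.append(entry)
        return len(self.entries) - 1

    def leaves(self) -> list[bytes]:
        return [e.encode() for e in self.entries]


def monitor_unexpected_issuers(log: ToyLog, domain: str, expected: set[str]) -> list[Entry]:
    """Independent monitor: every logged certificate for `domain` whose
    issuer is not one the domain owner actually uses."""
    return [e for e in log.entries if e.domain == domain and e.issuer not in expected]


# Constructed sample data: one mis-issued certificate for example.com
SAMPLE = [
    Entry("example.com", "Trusted CA A"),
    Entry("mail.example.net", "Trusted CA B"),
    Entry("example.com", "Rogue CA"),
    Entry("shop.example.org", "Trusted CA A"),
]


def demo() -> tuple[bool, list[str]]:
    log = ToyLog()
    for e in SAMPLE:
        log.append(e)
    leaves, root = log.leaves(), merkle_root(log.leaves())
    idx = 2  # the rogue certificate; the client still sees a valid proof...
    ok = verify_inclusion(leaves[idx], idx, len(leaves), inclusion_proof(leaves, idx), root)
    # ...but the monitor, a party the attacker did not subvert, flags it
    flagged = [e.issuer for e in monitor_unexpected_issuers(log, "example.com", {"Trusted CA A"})]
    return ok, flagged


if __name__ == "__main__":
    print(demo())  # (True, ['Rogue CA'])
```

The rogue entry passes inclusion verification, which is exactly the design: CT does not stop a CA from mis-issuing, it forces the mis-issuance into a record that a domain owner's monitor can read. An attacker therefore has to subvert the CA, the log operator and every monitor watching that domain, which is the expansion of the required set of colluding actors the message describes.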

