On Thursday, October 2, 2014, Ben Laurie <<a href="mailto:ben@links.org">ben@links.org</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 25 September 2014 09:48, Trevor Perrin <<a href="javascript:;" onclick="_e(event, 'cvml', 'trevp@trevp.net')">trevp@trevp.net</a>> wrote:<br>
The difference is that with CT the user whose key changes necessarily<br>
becomes aware that it has changed. In "the simple thing?" only the<br>
targeted user of the key is aware of this change.<br></blockquote><div><br></div><div>CT makes detecting key changes symmetric between the parties that intend to communicate.</div><div><br></div><div>Traditional TOFU gives MitMs a *choice* of who to target. This makes things easier for adversaries in a lot of common situations. (E.g., impersonate the MBA to the crypto guy, or the crypto guy to the MBA?)</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It seems odd to argue that scheme A is better than scheme B because A<br>
reduces the chance of detection of badness vs B and thus doesn't raise<br>
the problem of what you do about that badness...<br></blockquote><div><br></div><div>+1. I'd note, as well, that TOFU/pinning is not inherently incompatible with CT: TOFU could be used by the correspondents of someone who wants their public key to be secret, while they use CT to confirm others' keys.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
BTW, it seems to me that getting to the state where key changes are<br>
rare would be useful in either case.</blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"></blockquote><div><br></div><div>This seems impossible without large investments in securing hardware. There's some secure-ish hardware available in the certificate case (a few HSMs). But for the messaging case, we don't even have that...</div>