[messaging] The Trouble with Certificate Transparency

elijah elijah at riseup.net
Wed Sep 24 12:55:26 PDT 2014


On 09/24/2014 11:08 AM, Tao Effect wrote:

> I've finally taken the time to explain via diagrams and many words how
> undetected MITM attacks can happen with Certificate Transparency.

It strikes me that you are not allowing for any distinction between a
MiTM attack that happens once, and a MiTM attack that is only successful
if it can be carried off from the moment a computer first contacts the
internet (and carried on forever if the attacker doesn't want to be
detected). What scenario do you have in mind where the latter is possible?

Also, if browsers contain auditors, why can't these auditors be
pre-seeded with the hash of different logs at the time the browser was
compiled?

-elijah
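
An added illustration of the two questions above, not part of elijah's message or of the
thread. It models a browser auditor pre-seeded at build time with one Signed Tree Head and
checks every later head against it with a consistency proof; hashing and proof construction
follow RFC 6962 section 2.1, and the verifier is the algorithm from RFC 9162 section 2.1.4.2.
The Auditor class, the sample entries and the "forked view" are constructed for the example
and are not any real log's data. The three scenarios are: an attacker who rewrites history
below the pinned size is rejected at once; one who forks only above the pin is accepted now
but exposed by the next honest head, so the split view has to be kept up for as long as the
attacker wants to stay undetected; and one who also supplied the seed is never caught by
consistency checks alone.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:                 # RFC 6962 leaf prefix 0x00
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:    # RFC 6962 node prefix 0x01
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)

def root_hash(entries: list) -> bytes:
    """Merkle tree head over the entries (RFC 6962 MTH)."""
    if not entries:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(root_hash(entries[:k]), root_hash(entries[k:]))

def consistency_proof(entries: list, m: int) -> list:
    """Nodes proving that the tree over entries[:m] is a prefix of the tree over entries."""
    def subproof(m, d, b):
        if m == len(d):
            return [] if b else [root_hash(d)]
        k = _split(len(d))
        if m <= k:
            return subproof(m, d[:k], b) + [root_hash(d[k:])]
        return subproof(m - k, d[k:], False) + [root_hash(d[:k])]
    if not 0 < m <= len(entries):
        raise ValueError("need 0 < m <= tree size")
    return subproof(m, entries, True)

def verify_consistency(first, second, first_hash, second_hash, proof) -> bool:
    """RFC 9162 s2.1.4.2: does the old head commit to a prefix of the new head?"""
    if first == second:
        return not proof and first_hash == second_hash
    if first == 0 or first > second or not proof:
        return False
    path = list(proof)
    if (first & (first - 1)) == 0:      # old tree is a complete subtree of the new one
        path.insert(0, first_hash)
    fn, sn = first - 1, second - 1
    while fn & 1:
        fn, sn = fn >> 1, sn >> 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            fr, sr = node_hash(c, fr), node_hash(c, sr)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            sr = node_hash(sr, c)
        fn, sn = fn >> 1, sn >> 1
    return fr == first_hash and sr == second_hash and sn == 0

class Auditor:
    """Hypothetical browser auditor, seeded at compile time with one trusted tree head."""
    def __init__(self, size: int, root: bytes):
        self.size, self.root = size, root

    def accept_sth(self, size: int, root: bytes, proof: list) -> bool:
        """Advance the pin only when the new head provably extends the pinned one."""
        if not verify_consistency(self.size, size, self.root, root, proof):
            return False
        self.size, self.root = size, root
        return True

# Constructed sample log entries (stand-ins for certificates), not real log data.
HONEST = [f"cert-{i}:example.org".encode() for i in range(12)]

def forked_view(index: int) -> list:
    """Attacker's copy of the first 8 honest entries with one replaced by a rogue cert."""
    view = HONEST[:8]
    view[index] = b"cert-x:mitm-issued example.org"
    return view

def rewrite_below_pin_accepted() -> bool:
    """Attacker alters an entry the auditor already pinned: the proof cannot verify."""
    a, view = Auditor(5, root_hash(HONEST[:5])), forked_view(2)
    return a.accept_sth(8, root_hash(view), consistency_proof(view, 5))

def split_view_above_pin() -> tuple:
    """Attacker forks only above the pin: accepted now, exposed once the fork stops."""
    a, view = Auditor(5, root_hash(HONEST[:5])), forked_view(6)
    now = a.accept_sth(8, root_hash(view), consistency_proof(view, 5))
    # The real log's next head does not extend the forked head the auditor now holds.
    later = a.accept_sth(12, root_hash(HONEST), consistency_proof(HONEST, 8))
    return now, later

def fork_from_first_contact_accepted() -> bool:
    """If the attacker also supplied the seed, the rewritten history verifies cleanly."""
    view = forked_view(2)
    a = Auditor(5, root_hash(view[:5]))
    return a.accept_sth(8, root_hash(view), consistency_proof(view, 5))
```

The third scenario is the one the pre-seeding question has to assume away: a compile-time
hash only helps if the build itself saw the honest log. The second scenario is why the
split view is expensive to keep up; what closes it is comparing the head this auditor holds
with heads seen by other parties (gossip), which the consistency check alone does not do.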
