[messaging] The Trouble with Certificate Transparency

Tao Effect contact at taoeffect.com
Wed Sep 24 14:15:04 PDT 2014

On Sep 24, 2014, at 12:55 PM, elijah <elijah at riseup.net> wrote:

> On 09/24/2014 11:08 AM, Tao Effect wrote:
>> I've finally taken the time to explain via diagrams and many words how
>> undetected MITM attacks can happen with Certificate Transparency.
> It strikes me that you are not allowing for any distinction between a
> MiTM attack that happens once, and a MiTM attack that is only successful
> if it can be carried off from the moment a computer first contacts the
> internet (and carried on forever if the attacker doesn't want to be
> detected). What scenario do you have in mind where the latter is possible?

Well, I'm primarily focusing on MITM attacks that happen more than once, and are undetected, but not in the sense that you've presented it (MITM attack 24/7 from beginning of time).

A 24/7 MITM attack from birth to death simply goes undetected in all systems, and it's probably impossible to do anything about that.

However, the issue with CT is as I pointed out several months ago back in May, that detection depends on successful gossip.

Sure, it's possible, if the gossip succeeds, that proof of failure (not misbehavior) has occurred. The problem here is:

1. Gossip could be blocked.
2. If Gossip isn't blocked, and you're able to prove failure... so what? What then? The RFC is rather silent on this.

The blockchain, on the other hand, doesn't have problem #2.

Even if MITM suddenly starts blocking all new blocks and only showing blocks it creates, the node has a giant store of accurate data that the MITM cannot modify. Not so with CT.

> Also, if browsers contain auditors, why can't these auditors be
> pre-seeded with the hash of different logs at the time the browser was
> compiled?

Sorry, what is this referring to? The post acknowledges that browsers have public keys of logs.

Kind regards,

Please do not email me anything that you are not comfortable also sharing with the NSA.

> -elijah
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140924/4a5ff337/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140924/4a5ff337/attachment.sig>

More information about the Messaging mailing list