[messaging] The Trouble with Certificate Transparency

Tao Effect contact at taoeffect.com
Fri Sep 26 17:16:15 PDT 2014


On Sep 25, 2014, at 4:32 AM, Ben Laurie <ben at links.org> wrote:

>> 1. Gossip could be blocked.
> 
> Blocking our proposed mechanism == blocking all TLS. So, it could be,
> but it would be kinda obvious...


Where do you specify that blocking gossip = blocking TLS?

And where do you specify the details of how gossip works? Still isn't in RFC 6962...

>> 2. If Gossip isn't blocked, and you're able to prove failure... so what?
>> What then? The RFC is rather silent on this.

Any support with this question?

>> The blockchain, on the other hand, doesn't have problem #2.
>> 
>> Even if MITM suddenly starts blocking all new blocks and only showing blocks
>> it creates, the node has a giant store of accurate data that the MITM cannot
>> modify. Not so with CT.
> 
> Why not?

Because the contents of the entries in the blockchain belong to their respective owners.

> If clients want to download the whole log, they can.


Ben, according to your documentation, clients do not download whole logs, Monitors do. Monitors are not web browsers.

Now, you're welcome to come back at me and say that Google Chrome is going to start downloading "All The Logs!", but something tells me you're not going to do that.

Kind regards,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.
