[messaging] The Trouble with Certificate Transparency

Ben Laurie ben at links.org
Sat Sep 27 04:38:53 PDT 2014


On 27 September 2014 01:16, Tao Effect <contact at taoeffect.com> wrote:
> On Sep 25, 2014, at 4:32 AM, Ben Laurie <ben at links.org> wrote:
>
> 1. Gossip could be blocked.
>
> Blocking our proposed mechanism == blocking all TLS. So, it could be,
> but it would be kinda obvious...
>
> Where do you specify that blocking gossip = blocking TLS?
>
> And where do you specify the details of how gossip works? Still isn't in RFC
> 6962...

It will never be in RFC 6962 (RFCs can't be substantially changed
after publication).

Since you've read the article
(http://queue.acm.org/detail.cfm?id=2668154), you already know I've
discussed gossip in it.

> 2. If Gossip isn't blocked, and you're able to prove failure... so what?
> What then? The RFC is rather silent on this.
>
> Any support with this question?
>
> The blockchain, on the other hand, doesn't have problem #2.
>
> Even if MITM suddenly starts blocking all new blocks and only showing blocks
> it creates, the node has a giant store of accurate data that the MITM cannot
> modify. Not so with CT.
>
> Why not?
>
> Because the contents of the entries in the blockchain belong to their
> respective owners.
>
> If clients want to download the whole log, they can.
>
> Ben, according to your documentation, clients do not download whole logs,
> Monitors do. Monitors are not web browsers.

a) "Monitor" is a role - anything can be in that role.

b) If there's an advantage to downloading the whole log, a client is
free to do so. You claim that there's an advantage to having history
up to some point - I am just observing that CT allows the same thing,
at similar cost.

> Now, you're welcome to come back at me and say that Google Chrome is going
> to start downloading "All The Logs!", but something tells me you're not
> going to do that.

Yeah, and we're not going to download "all the blockchain" either. But
if we were prepared to do that, then we could also download the CT
log.

>
> Kind regards,
> Greg
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>