[messaging] The Trouble with Certificate Transparency

Tao Effect contact at taoeffect.com
Sat Sep 27 11:05:45 PDT 2014


Dear Ben,

In respecting Trevor's concern that CT is off topic for this list, I decided to reply to this email of yours over on [randombit] here:

http://lists.randombit.net/pipermail/cryptography/2014-September/006800.html

Feel free to send replies over there (or on [trans] if you'd like). On second thought, I probably should have sent it to [trans]... sorry, my mistake.

Kind regards,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Sep 27, 2014, at 4:38 AM, Ben Laurie <ben at links.org> wrote:

> On 27 September 2014 01:16, Tao Effect <contact at taoeffect.com> wrote:
>> On Sep 25, 2014, at 4:32 AM, Ben Laurie <ben at links.org> wrote:
>> 
>> 
>> 1. Gossip could be blocked.
>> 
>> 
>> Blocking our proposed mechanism == blocking all TLS. So, it could be,
>> but it would be kinda obvious...
>> 
>> 
>> Where do you specify that blocking gossip = blocking TLS?
>> 
>> And where do you specify the details of how gossip works? Still isn't in RFC
>> 6962...
> 
> It will never be in RFC 6962 (RFCs can't be substantially changed
> after publication).
> 
> Since you've read the article
> (http://queue.acm.org/detail.cfm?id=2668154), you already know I've
> discussed gossip in it.
> 
>> 2. If Gossip isn't blocked, and you're able to prove failure... so what?
>> What then? The RFC is rather silent on this.
>> 
>> Any support with this question?
>> 
>> The blockchain, on the other hand, doesn't have problem #2.
>> 
>> Even if MITM suddenly starts blocking all new blocks and only showing blocks
>> it creates, the node has a giant store of accurate data that the MITM cannot
>> modify. Not so with CT.
>> 
>> 
>> Why not?
>> 
>> 
>> Because the contents of the entries in the blockchain belong to their
>> respective owners.
>> 
>> If clients want to download the whole log, they can.
>> 
>> 
>> Ben, according to your documentation, clients do not download whole logs,
>> Monitors do. Monitors are not web browsers.
> 
> a) "Monitor" is a role - anything can be in that role.
> 
> b) If there's an advantage to downloading the whole log, a client is
> free to do so. You claim that there's an advantage to having history
> up to some point - I am just observing that CT allows the same thing,
> at similar cost.
> 
>> Now, you're welcome to come back at me and say that Google Chrome is going
>> to start downloading "All The Logs!", but something tells me you're not
>> going to do that.
> 
> Yeah, and we're not going to download "all the blockchain" either. But
> if we were prepared to do that, then we could also download the CT
> log.
> 
>> 
>> Kind regards,
>> Greg
>> 
>> --
>> Please do not email me anything that you are not comfortable also sharing
>> with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140927/d2b44c23/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140927/d2b44c23/attachment.sig>


More information about the Messaging mailing list