On 2013-09-10, at 17:35, Ben Laurie <b...@links.org> wrote:

> On 10 September 2013 22:04, Joe Abley <jab...@hopcount.ca> wrote:
>
>> Suppose Mallory has access to the private keys of CAs which are in "the"
>> browser list or otherwise widely-trusted.
>>
>> An on-path attack between Alice and Bob would allow Mallory to terminate
>> Alice's TLS connection, presenting an opportunistically-generated
>> server-side certificate with signatures that allow it to be trusted by Alice
>> without pop-ups and warnings. Instantiating a corresponding session with Bob
>> and ALGing the plaintext through with interception is then straightforward.
>
> CT makes this impossible to do undetected, of course.
I don't feel qualified to endorse "impossible", but for the armchair crypto spectator it does sound very much like the right thing.

Joe

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
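Added illustration of the detection argument above (example code written for this page, not anything from the thread, from Ben Laurie's CT work, or from any real CT log): a toy Certificate Transparency log using the RFC 6962 Merkle tree hashing rules. The log entries are constructed byte strings standing in for certificates. It shows the two outcomes CT forces on Mallory's opportunistically generated certificate: left unlogged, it carries no valid inclusion proof and a CT-enforcing Alice rejects it; submitted to the log so that Alice accepts it, it becomes public and the domain owner's monitor sees it. The entry names, the `client_accepts` and `monitor` helpers, and the "Compromised CA" issuer are assumptions made for the example.

```python
"""Toy RFC 6962 Certificate Transparency log: Merkle tree hash, inclusion
proofs, a CT-enforcing client check and a domain owner's monitor.
Constructed example; the entries below are not real certificates."""
import hashlib


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962 section 2.1: leaf hash = SHA-256(0x00 || entry)
    return _h(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    # RFC 6962 section 2.1: interior node = SHA-256(0x01 || left || right)
    return _h(b"\x01" + left + right)


def _split_point(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: list) -> bytes:
    """Merkle Tree Hash over a list of leaf hashes (RFC 6962 section 2.1)."""
    if not leaves:
        return _h(b"")
    if len(leaves) == 1:
        return leaves[0]
    k = _split_point(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: list, m: int) -> list:
    """Audit path for leaf index m (RFC 6962 section 2.1.1)."""
    n = len(leaves)
    if n <= 1:
        return []
    k = _split_point(n)
    if m < k:
        return inclusion_proof(leaves[:k], m) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], m - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     proof: list, root: bytes) -> bool:
    """Recompute the root from a leaf hash and its audit path
    (verification algorithm of RFC 9162 section 2.1.3.2)."""
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, leaf
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            if not fn & 1:
                # Leaf sits under a right-hand subtree: skip levels with no sibling
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


# Constructed log contents (stand-ins for certificate DER, not real certs).
LOG = [
    b"CN=alice-bank.example,issuer=Good CA,serial=1001",
    b"CN=shop.example,issuer=Good CA,serial=1002",
    b"CN=mail.example,issuer=Other CA,serial=7",
]
# Mallory's on-path certificate, signed with a compromised CA key (assumed).
ROGUE = b"CN=alice-bank.example,issuer=Compromised CA,serial=9999"


def client_accepts(cert: bytes, index: int, tree_size: int,
                   proof: list, root: bytes) -> bool:
    """CT-enforcing client (simplified): trust nothing without a valid
    inclusion proof against the log's tree head."""
    return verify_inclusion(leaf_hash(cert), index, tree_size, proof, root)


def monitor(log: list, domain: bytes) -> list:
    """Domain owner's monitor: every logged entry that names the domain."""
    return [e for e in log if b"CN=" + domain + b"," in e]


def demo() -> tuple:
    hashes = [leaf_hash(e) for e in LOG]
    root = merkle_root(hashes)
    proof0 = inclusion_proof(hashes, 0)
    legit_ok = client_accepts(LOG[0], 0, len(LOG), proof0, root)
    # Unlogged rogue cert: no proof exists, so the best Mallory can do is
    # replay someone else's audit path, which does not hash to the root.
    rogue_ok = client_accepts(ROGUE, 0, len(LOG), proof0, root)
    # Logged rogue cert: Alice would accept it, but it is now public.
    seen = monitor(LOG + [ROGUE], b"alice-bank.example")
    return legit_ok, rogue_ok, seen


if __name__ == "__main__":
    print(demo())
```

Real CT deployments differ in one way worth knowing: a browser does not fetch inclusion proofs during the handshake. The server presents Signed Certificate Timestamps, the log's promise to include the certificate within its maximum merge delay, and inclusion is audited afterwards against the log's signed tree heads. The detection property is the same: a certificate Alice will accept has to be something the log has committed to publish, so the domain owner's monitor can find it.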