On Wed, Sep 24, 2014 at 8:10 PM, Greg <[email protected]> wrote: > This post dissects some of the false and misleading statements that Google > has been making publicly about their project called Certificate Transparency > (CT). > > It shows how undetected MITM attacks still remain possible even if CT > becomes widely deployed. > > http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/ > > Thanks for reading! > Greg
Hello: As per the discussion in the trans mailing list, I think it all depends on the attack/threat model. The key: If your web browser is compromised, then you're fucked anyway. If your web browser is compromised, then your web browser might just not check CT (or DNSChain) at all, or show you buggy information. So let's assume that the web browser is not compromised. You talk a lot about a fraudulent Merkle tree in your post. A fraudulent merkle tree that is based on a real one but diverging. But there are ways to detect that fraud. For example, browser updates might include merkle tree safe checkpoints. And remember we're trusting the browser. This way, if the merkle tree was diverging, we would detect it this way. You might say: oh, but maybe the certificate of the browser website was compromised so the update is also compromised. Well, web browsers like Chrome (Firefox or others might do the same in the future) do some certificate pinning for their own domains, so that would not be possible. Also, as others have noted, the idea of having multiple auditors, as others have noted, is a market force for transparency that pushes against the fraud. If browsers connects with N auditors, the MITM would need to compromise all the auditors all the time. And anyone can be an auditor. If one auditor one time notices anything funky going on, that plot would be discovered and it would get to the news. That doesn't seem to go very well for fraudsters, does it? On the other hand, if the NSA wants to hack your computer, they probably have like thousands of zero-days to target the software either you or your Internet services might use, so you're fucked anyway. Still, security and transparency measures like CT are important for making things more difficult to them (and others). The "transparency" idea is to apply the same tactics spy agencies uses to them: we're not going to make your work impossible, but just so difficult that it might not be worth to try, at least in most cases. And it's just one more measure towards that goal (see [1] for example). Regards, -- [1] http://it.slashdot.org/story/14/09/25/2221245/fbi-chief-apple-google-phone-encryption-perilous -- Eduardo Robles Elvira @edulix skype: edulix2 http://agoravoting.org @agoravoting +34 634 571 634 -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
