On 24 September 2014 22:15, Tao Effect <[email protected]> wrote:
> On Sep 24, 2014, at 12:55 PM, elijah <[email protected]> wrote:
>
> On 09/24/2014 11:08 AM, Tao Effect wrote:
>
> I've finally taken the time to explain via diagrams and many words how
> undetected MITM attacks can happen with Certificate Transparency.
>
>
> It strikes me that you are not allowing for any distinction between a
> MiTM attack that happens once, and a MiTM attack that is only successful
> if it can be carried off from the moment a computer first contacts the
> internet (and carried on forever if the attacker doesn't want to be
> detected). What scenario do you have in mind where the latter is possible?
>
>
> Well, I'm primarily focusing on MITM attacks that happen more than once, and
> are undetected, but not in the sense that you've presented it (MITM attack
> 24/7 from beginning of time).
>
> A 24/7 MITM attack from birth to death simply goes undetected in all
> systems, and it's probably impossible to do anything about that.
>
> However, the issue with CT is as I pointed out several months ago back in
> May, that detection depends on successful gossip.
>
> Sure, it's possible, if the gossip succeeds, that proof of failure (not
> misbehavior) has occurred. The problem here is:
>
> 1. Gossip could be blocked.

Blocking our proposed mechanism == blocking all TLS. So, it could be,
but it would be kinda obvious...

> 2. If Gossip isn't blocked, and you're able to prove failure... so what?
> What then? The RFC is rather silent on this.
>
> The blockchain, on the other hand, doesn't have problem #2.
>
> Even if MITM suddenly starts blocking all new blocks and only showing blocks
> it creates, the node has a giant store of accurate data that the MITM cannot
> modify. Not so with CT.

Why not? If clients want to download the whole log, they can.

> Also, if browsers contain auditors, why can't these auditors be
> pre-seeded with the hash of different logs at the time the browser was
> compiled?
>
>
> Sorry, what is this referring to? The post acknowledges that browsers have
> public keys of logs.

If the browser has some known hash for a log, then it can detect a
forked log (because there cannot be a consistency proof for the fork's
hash).

> Kind regards,
> Greg
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
>
>
> -elijah
>
> _______________________________________________
> Messaging mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/messaging
