Hello, I'm sorry, I do not understand the idea of providing different trees and proofs to different parties.
If I understand correctly, it should be prevented by Auditors and the gossip protocol (yes, I understand it is not specified in fact). Auditors and gossip protocol are designed for solving precisely this case. The other possibility is that the Merkle tree is not neither append-only nor verifiable. We should have an perfect MITM that can intercept all the communications by the victim and her/his software to turn this scenario into real life. And, BTW, if we ask for more than one SCT in the cert as Ben does, the attack becomes much more difficult even for the perfect MITM. Thank you! On Wed, Sep 24, 2014 at 10:18 PM, Tao Effect <cont...@taoeffect.com> wrote: > Dear [therightkey] list, > > This post explains how undetected MITM attacks still remain possible even > if Google's Certificate Transparency (CT) becomes widely deployed, and it > dissects many of Google's false and misleading claims about it. > > Many thanks go to Zaki (@zmanian), Simon (@simondlr) and others to > reviewing it prior to publication: > > > http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/ > > Kind regards, > Greg > > -- > Please do not email me anything that you are not comfortable also sharing with > the NSA. > > > _______________________________________________ > therightkey mailing list > therightkey@ietf.org > https://www.ietf.org/mailman/listinfo/therightkey > > -- SY, Dmitry Belyavsky
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
