> 27 sep 2014 kl. 19:11 skrev Tao Effect <[email protected]>:
> 
> Thanks for starting this thread on Gossip!
> 
>> It's been suggested that web browsers should use TLS connections to web
>> servers for gossiping. One argument for that is that this makes the
>> attack of blocking the gossiping messages hard to get away with without
>> people noticing because it means blocking TLS to all servers
>> participating.
> 
> 
> I just want to point out that successful gossip does not protect clients 
> against MITM from mis-issued certificates. It also does not detect mis-issued 
> certificates.
> 
> The selective partitioning of a log is one attack, but the standard attack 
> that we have today, which doesn't require partitioning of a log, is not 
> detected by CT's gossip as elaborated on in the "Threat model outline, attack 
> model" thread, here (and in followup replies):

- the CA is sloppy/forced to issue the cert to the attacker
- cert is injected into log
- cert has SCT
- client checks the SCT with the logs the client trusts, like one that is not 
under the same control as the CA
- any other SCT in the cert is ignored by the client since they are not trusted.
- MITM happened
- Auditor finds the fraudulently issued cert
- public uproar 
- CA falls out of public trust
- second CA will now refuse the attacker since they know the cost (loss of 
company)


Gossip is about not trusting log owners, to keep them honest, and is unrelated to 
your attack.

Until you have Namecoin working and enabled on all running TLS clients and 
servers, I find CT an acceptable compromise.

Love  
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
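The step list above (sloppy CA, SCT from a trusted log, MITM succeeds, auditor catches it later) can be walked through in code. The following is an added toy model, not code from the trans list, RFC 6962 or any CT implementation. It assumes a constructed `Log`, `Client` and `monitor` with made-up names, and uses HMAC with a per-log secret as a stand-in for the log's ECDSA signature so it runs offline with the standard library only; real SCTs are public-key signatures and real logs serve Merkle inclusion proofs.

```python
"""Toy Certificate Transparency flow: trusted-log SCT lets a MITM succeed,
a monitor reading the public log catches the misissued cert afterwards.
Constructed example; HMAC stands in for the log's signature."""
import hmac
import json


def _canon(cert: dict) -> bytes:
    """Canonical bytes the log 'signs' (constructed; real logs sign a TBS structure)."""
    return json.dumps(cert, sort_keys=True).encode()


class Log:
    """A single CT log: appends certs and hands back SCTs."""

    def __init__(self, log_id: str, key: bytes):
        self.log_id = log_id
        self._key = key              # stand-in for the log's private signing key
        self.entries: list[dict] = []

    def add(self, cert: dict) -> dict:
        """Log the cert and return an SCT (log id + 'signature' over the cert)."""
        self.entries.append(cert)
        sig = hmac.new(self._key, _canon(cert), "sha256").hexdigest()
        return {"log_id": self.log_id, "sig": sig}

    def verify_sct(self, cert: dict, sct: dict) -> bool:
        expected = hmac.new(self._key, _canon(cert), "sha256").hexdigest()
        return hmac.compare_digest(expected, sct["sig"])


class Client:
    """TLS client that trusts a fixed set of logs (by log id) and checks SCTs."""

    def __init__(self, trusted_logs: dict[str, Log]):
        self.trusted_logs = trusted_logs

    def accepts(self, cert: dict, scts: list[dict]) -> bool:
        # The client cannot tell that the CA was sloppy or coerced; it only
        # requires one valid SCT from a log it trusts. SCTs from logs it does
        # not know are ignored, exactly as the thread's step list says.
        for sct in scts:
            log = self.trusted_logs.get(sct["log_id"])
            if log is not None and log.verify_sct(cert, sct):
                return True
        return False


def monitor(logs: list[Log], domain: str, expected_issuers: set[str]) -> list[dict]:
    """Auditor/monitor run by the domain owner: scan every log for certs naming
    the domain whose issuer is not a CA the owner actually uses. Deduplicate
    by (issuer, serial) since the same cert may sit in several logs."""
    found: dict[tuple, dict] = {}
    for log in logs:
        for e in log.entries:
            if e["subject"] == domain and e["issuer"] not in expected_issuers:
                found[(e["issuer"], e["serial"])] = e
    return list(found.values())


def scenario() -> dict:
    """Play out the thread's step list with constructed names and values."""
    trusted = Log("trusted-log", b"constructed-log-key-1")
    unknown = Log("unknown-log", b"constructed-log-key-2")
    client = Client({trusted.log_id: trusted})

    # Steps 1-3: a sloppy/forced CA issues to the attacker; cert is logged.
    fraudulent = {"subject": "example.com", "issuer": "Sloppy CA",
                  "pubkey": "attacker-key", "serial": 1}
    scts = [trusted.add(fraudulent), unknown.add(fraudulent)]

    # Steps 4-7: the client sees a valid SCT from a log it trusts, ignores the
    # other SCT, and accepts the cert. The MITM succeeds at connection time.
    mitm_succeeds = client.accepts(fraudulent, scts)

    # Step 8: the owner's monitor reads the public logs and finds the cert.
    caught = monitor([trusted, unknown], "example.com", {"Legit CA"})

    # Contrast: with only the unknown log's SCT, the client rejects the cert.
    only_unknown = client.accepts(fraudulent, scts[1:])

    return {"mitm_succeeds": mitm_succeeds, "caught": caught,
            "only_unknown_sct_accepted": only_unknown}


if __name__ == "__main__":
    print(scenario())
```

The point the model makes is the one in the thread: CT as specified makes misissuance detectable after the fact by anyone reading the log, but the client that accepted the trusted SCT was still intercepted. Gossip is a separate mechanism; it exists to catch a log showing different views to different parties, which this scenario never needs.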