On Thu, Mar 26, 2015 at 10:49 AM, Paul Wouters <[email protected]> wrote:
> On Thu, 26 Mar 2015, Watson Ladd wrote:
>> Suppose I can consistently redirect a client C to a masquerading
>> server M. The proposed gossip mechanism will not detect this, as SCTs
>> are only ever sent back to the server they are received from. This
>> should be fixed by having clients gossip constantly about STHs, thus
>> ensuring that if any honest server is contacted, the MITM is detected.
>
> First of all, this is very unlikely and consumes a lot of resources.

For mobile devices that do roam, and not always on the same wireless
provider, it's probably true that it's unlikely, but in all other cases
it seems likely that an MITM can continue being present indefinitely.

A client could gossip with the user's other devices, but gossiping with
anyone else complicates things, including security considerations.

> Second, the webserver <-> webclient is not the only path for gossip.
> Please have a look at the diagram on page 6 of the gossip presentation
> from last Monday:
>
> http://www.ietf.org/proceedings/92/slides/slides-92-trans-3.pdf

Slide 7, I think you mean.

Yes, but this won't always happen, and for a client that can be MITMed
continuously we have to consider that the MITM may MITM the auditor as
well.

CT is a step forward, but it's not a miracle. We have TTPs; all we can
do is make it a bit harder for them to behave badly, particularly by
increasing the likelihood that they will be caught doing so.

Nico

--
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
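The three situations argued over in the thread (feedback that only goes back to the masquerading server, STH gossip with an honest peer such as the user's other device, and an auditor that is itself behind the same MITM) can be made concrete with a small simulation. The code below is an added example written for this page; it is not from the thread, the slides, or any CT implementation. It assumes the RFC 6962 Merkle Tree Hash (0x00 leaf prefix, 0x01 node prefix) as the model of a log's tree head, treats "gossip" as nothing more than comparing STHs for the same tree size, and ignores signatures, timestamps and consistency proofs; the log contents, the `HONEST_LOG`/`MITM_LOG` names and the `scenarios` helper are all constructed for illustration.

```python
"""Split-view detection by STH gossip: a constructed simulation (added example).

Model (assumed, not from the thread): a log view is a list of leaf entries;
its STH is (tree_size, RFC 6962 Merkle Tree Hash). A split view exists when
two parties hold STHs for the same tree_size with different root hashes,
which one append-only log can never legitimately produce.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_tree_hash(leaves: list[bytes]) -> bytes:
    """RFC 6962 section 2.1 MTH over the given leaf inputs."""
    n = len(leaves)
    if n == 0:
        return _sha256(b"")                      # MTH({}) = SHA-256()
    if n == 1:
        return _sha256(b"\x00" + leaves[0])      # leaf hash, 0x00 prefix
    k = 1
    while k * 2 < n:                             # largest power of two < n
        k *= 2
    return _sha256(b"\x01" + merkle_tree_hash(leaves[:k])
                   + merkle_tree_hash(leaves[k:]))


@dataclass(frozen=True)
class STH:
    tree_size: int
    root_hash: bytes


def sth_of(entries: list[bytes]) -> STH:
    return STH(len(entries), merkle_tree_hash(entries))


def sth_pool(view: list[bytes]) -> list[STH]:
    """STHs a party accumulates as it sees a log view grow one entry at a time."""
    return [sth_of(view[:i]) for i in range(1, len(view) + 1)]


def find_split_views(mine: list[STH], theirs: list[STH]) -> list[int]:
    """Tree sizes at which two STH pools disagree on the root hash."""
    by_size = {s.tree_size: s.root_hash for s in mine}
    return sorted(s.tree_size for s in theirs
                  if s.tree_size in by_size and by_size[s.tree_size] != s.root_hash)


# Constructed log views. The masquerading server M presents SCTs from a view
# that is identical to the honest log except that entry 3 is M's forged cert.
HONEST_LOG = [b"cert:other.test", b"cert:third.test", b"cert:example.com:real"]
MITM_LOG = [b"cert:other.test", b"cert:third.test", b"cert:example.com:forged"]


def scenarios() -> dict[str, list[int]]:
    """Which tree sizes each gossip path exposes as a split view.

    Client C is consistently redirected to M, so every STH C holds comes
    from the MITM view. What C learns depends on whom it gossips with.
    """
    client = sth_pool(MITM_LOG)
    return {
        # SCTs/STHs go back only to the server they came from: M sees its
        # own view reflected at it and nothing disagrees.
        "feedback_to_masquerading_server": find_split_views(client, sth_pool(MITM_LOG)),
        # Gossip with an honest peer (e.g. the user's other device on another
        # network) that holds the real log's STHs: size 3 disagrees.
        "gossip_with_honest_peer": find_split_views(client, sth_pool(HONEST_LOG)),
        # The auditor is reached through the same MITM and has been fed the
        # same view, so gossip with it reveals nothing either.
        "gossip_with_mitm_controlled_auditor": find_split_views(client, sth_pool(MITM_LOG)),
    }


if __name__ == "__main__":
    for name, sizes in scenarios().items():
        print(f"{name}: {'split view at sizes ' + str(sizes) if sizes else 'not detected'}")
```

The point the simulation makes is the one Nico draws: detection hinges on at least one gossip counterpart having seen the honest log. Sizes 1 and 2 agree in both views, so only an STH for size 3 (or larger) held by an honest peer exposes the split; a peer or auditor reached through the same MITM holds the same forged view and detects nothing.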
