On 26 March 2015 at 09:56, Watson Ladd <[email protected]> wrote: > Dear all, > > Suppose I can consistently redirect a client C to a masquerading > server M. The proposed gossip mechanism will not detect this, as SCTs > are only ever sent back to the server they are received from. This > should be fixed by having clients gossip constantly about STHs, thus > ensuring that if any honest server is contacted, the MITM is detected.
If you are able to isolate a client from a resource _forever_ then yes, you can win. You can also stop the client from receiving browser updates, from contacting a client's trusted auditor (if they have one), from receiving operating system updates, trust root updates, and so on. An attacker who can isolate a client from a resource once and forever is exceptionally difficult to defend against. It's not clear (to me at least) what a browser could even do in that situation except refuse to work at all. (And I'll note that unless I'm mistaken, every browser chooses to go the other way and actually fail _open_, removing security mechanisms if it's been unable to update for a long time.) -tom _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
