On Fri, 27 Mar 2015, Dmitry Belyavsky wrote:
The document does say that clients MUST send the certificate chain back to servers, and that's good, because if that's the case, shouldn't that be enough on its own for servers to detect that a MITM attack occurred (after the MITM leaves)? If that is so, it seems like a point worth highlighting in the document. It would completely address our concerns about CT's ability to detect MITM attacks post-facto.
It is.
I suspect that a smart enough attacker will be able to send native certificates back to server instead of the ones he sent to client. Or am I missing something?
If the attacker fools the client with certificates, it is those certificates that the client will send back to the server once the attacker is gone. It does not matter what the attacker does. The attacker can forever keep sending whatever certificates to the server. Once they are no longer attacking the client, the client will note a different (the real!) certificate of the server and send its previous (attacker's) certificate to the server.

Perhaps this can be reflected in an update on the okturtles blog.

Paul
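
The exchange discussed in this thread, as an added simulation that is not part of the original messages or of the draft under discussion: a client remembers the chains it was shown for a host and hands them back on its next connection. The class names, the host name, the byte strings standing in for certificates, and the fingerprint comparison the server uses to recognise its own chains are all assumptions made for illustration.

```python
import hashlib

def fingerprint(chain):
    """SHA-256 over the concatenated blobs of a chain (constructed stand-ins for DER)."""
    return hashlib.sha256(b"".join(chain)).hexdigest()

class Server:
    def __init__(self, name, chain):
        self.name, self.chain = name, chain
        self.known = {fingerprint(chain)}   # chains this operator really deployed
        self.alerts = []                    # fingerprints of chains it never issued

    def handshake(self, feedback):
        # feedback: chains the peer says it saw earlier under this server's name
        for chain in feedback:
            if fingerprint(chain) not in self.known:
                self.alerts.append(fingerprint(chain))
        return self.chain

class Mitm:
    """Shows its own chain to the client and decides what the server hears."""
    def __init__(self, server, forged_chain):
        self.server, self.forged = server, forged_chain

    def handshake(self, feedback):
        # Drop the client's feedback and replay only the genuine chain upstream.
        self.server.handshake([self.server.chain])
        return self.forged

class Client:
    def __init__(self):
        self.seen = {}   # host -> chains observed for that host, oldest first

    def connect(self, host, endpoint):
        history = self.seen.setdefault(host, [])
        chain = endpoint.handshake(list(history))   # send back what was seen before
        if chain not in history:
            history.append(chain)
        return chain

def simulate():
    real = [b"constructed-leaf-real", b"constructed-ca-real"]
    forged = [b"constructed-leaf-forged", b"constructed-ca-rogue"]
    server, client = Server("example.test", real), Client()
    client.connect("example.test", Mitm(server, forged))   # attack in progress
    during = list(server.alerts)
    client.connect("example.test", server)                 # attacker is gone
    return during, list(server.alerts), fingerprint(forged)
```

While the interceptor is on path the server records nothing, whatever the interceptor forwards; the alert appears on the first direct connection, because the forged chain is already in the client's history.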
