On Mar 16, 2016, at 9:49 AM, Ben Laurie <[email protected]> wrote:

> I do agree that these attacks can be mounted, and are in fact already
> discussed in general in 6962 and 6962-bis (s7.3 for the latter).

I don’t see a section 7.3 in draft-ietf-trans-rfc6962-bis-12, which appears to be the latest version; did the section numbers change recently and you’re referring to a different version? I would most naturally expect such issues to be discussed in section 12 “Security Considerations”, but see no obvious mention of this class of attacks anywhere in there.

> I have still not yet had the time to thoroughly review the threat
> analysis document, so I can't comment on it at this time.

Perhaps the WGLC shouldn’t close until at least the core CT developers such as you have had a chance to do that review?

> In general, it seems hard to defend against attacks that permanently
> separate their victims from the rest of the world - and it also seems
> hard to mount such an attack.

Hard to defend: perhaps, but does that justify ignoring that entire threat vector space in a threat analysis document? And do you (still) maintain that collective signing is not a workable defence against precisely such attacks? If so, I’m still curious why.

Hard to mount: perhaps, but do you disagree that such an attack appears to be exactly what the FBI is at the moment quite explicitly threatening to perform against Apple (by threatening just to commandeer their signing keys and sign their own backdoored software update)? And that the FBI appears to be in a perfect position to perform such an attack secretly even against a CT-hardened system, if they didn’t happen to want the publicity like they seem to this time?

Bryan
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
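The message above argues that collective signing is a defence against an attacker who commandeers a single signing key. The following is an added example, not code from the thread, from the trans working group, or from any collective-signing implementation. It illustrates the idea with a plain k-of-n Ed25519 cosignature policy rather than the aggregated Schnorr construction used by the CoSi protocol; the witness names, the 2-of-3 threshold, and the statement bytes are constructed for the example. A verifier requires the vendor's signature plus signatures from a threshold of independent, pre-registered witnesses over the same statement (an STH or an update manifest). A party holding only the vendor key cannot produce a verifying statement, and a single colluding witness repeating its own signature does not reach the threshold.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Witness is one independent signer (a log operator, auditor or mirror).
type Witness struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// Cosignature is one witness's signature over a statement.
type Cosignature struct {
	Witness string
	Sig     []byte
}

// CosignedStatement is the statement plus the vendor signature and cosignatures.
type CosignedStatement struct {
	Statement []byte
	VendorSig []byte
	Cosigs    []Cosignature
}

// NewWitness generates a fresh Ed25519 key pair for a named signer.
func NewWitness(name string) *Witness {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Witness{Name: name, Pub: pub, priv: priv}
}

// Cosign signs the statement with this witness's private key.
func (w *Witness) Cosign(stmt []byte) Cosignature {
	return Cosignature{Witness: w.Name, Sig: ed25519.Sign(w.priv, stmt)}
}

// Policy: the vendor must sign, and at least Threshold distinct registered
// witnesses must cosign the same bytes.
type Policy struct {
	VendorPub ed25519.PublicKey
	Witnesses map[string]ed25519.PublicKey
	Threshold int
}

// Verify returns the count of valid distinct witness cosignatures and
// whether the policy is satisfied. Unknown witnesses, bad signatures and
// repeated witnesses do not count.
func (p Policy) Verify(cs CosignedStatement) (int, bool) {
	if !ed25519.Verify(p.VendorPub, cs.Statement, cs.VendorSig) {
		return 0, false
	}
	seen := map[string]bool{}
	for _, c := range cs.Cosigs {
		pub, ok := p.Witnesses[c.Witness]
		if !ok || seen[c.Witness] {
			continue
		}
		if ed25519.Verify(pub, cs.Statement, c.Sig) {
			seen[c.Witness] = true
		}
	}
	return len(seen), len(seen) >= p.Threshold
}

// Scenario builds a constructed 2-of-3 policy and returns whether (1) an
// honestly cosigned statement verifies, (2) a statement forged with the
// vendor key alone verifies, and (3) one witness repeating itself verifies.
func Scenario() (honestOK, forgedOK, dupOK bool) {
	vendor := NewWitness("vendor")
	ws := []*Witness{NewWitness("log-a"), NewWitness("log-b"), NewWitness("auditor-c")}
	pol := Policy{VendorPub: vendor.Pub, Witnesses: map[string]ed25519.PublicKey{}, Threshold: 2}
	for _, w := range ws {
		pol.Witnesses[w.Name] = w.Pub
	}

	stmt := []byte("constructed update manifest v1.2.3") // constructed sample statement
	honest := CosignedStatement{Statement: stmt, VendorSig: vendor.Cosign(stmt).Sig}
	for _, w := range ws[:2] {
		honest.Cosigs = append(honest.Cosigs, w.Cosign(stmt))
	}
	_, honestOK = pol.Verify(honest)

	// Attacker holds only the (commandeered) vendor key and invents keys
	// under the registered witness names; those signatures do not verify.
	bad := []byte("constructed backdoored update v1.2.4")
	forged := CosignedStatement{Statement: bad, VendorSig: vendor.Cosign(bad).Sig}
	for _, name := range []string{"log-a", "log-b"} {
		forged.Cosigs = append(forged.Cosigs, NewWitness(name).Cosign(bad))
	}
	_, forgedOK = pol.Verify(forged)

	// One colluding witness submitting its signature three times counts once.
	dup := CosignedStatement{Statement: stmt, VendorSig: vendor.Cosign(stmt).Sig}
	for i := 0; i < 3; i++ {
		dup.Cosigs = append(dup.Cosigs, ws[0].Cosign(stmt))
	}
	_, dupOK = pol.Verify(dup)
	return
}

func main() {
	h, f, d := Scenario()
	fmt.Printf("honest 2-of-3: %v\nvendor-key-only forgery: %v\nrepeated witness: %v\n", h, f, d)
}
```

The point the example makes concrete is that the threshold shifts the attack from "obtain one key" to "obtain the vendor key and coerce or compromise k independent witnesses", which is what makes a quiet, targeted signing-key seizure harder to keep secret. Distinctness is enforced by witness identity, not by signature bytes, so a registered witness cannot pad the count by re-signing.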
