On 20 January 2017 at 08:23, Ben Laurie <[email protected]> wrote:
> On 18 January 2017 at 15:12, Richard Barnes <[email protected]> wrote:
>> Let me again bust this myth that 6962 / 6962-bis do anything to expose rogue
>> logs. Without some sort of consistency checking mechanism, logs can lie
>> without any risk of discovery. That is true of CT as deployed today. There
>> is no way to detect a rogue log.
>>
>> And a consistency checking mechanism only creates risk to rogue logs to the
>> degree that it is deployed and used. If only 5% of SCTs ever get checked
>> for consistency, then a rogue log has a 95% chance of getting away with any
>> particular lie. So we really need consistency checking at scale.
>
> I have two problems with this statement:
>
> 1. A 95% chance of getting away with a particular lie rapidly erodes
> to effectively no chance of getting away with multiple lies (for
> example, getting away with 100 lies is about .5% chance).

In a perfectly random distribution, yes. But I expect that the attacker could choose the lie so the distribution is perfect or grossly in their favor - either because the website does not deploy some mechanism they need to participate (e.g. SCT Feedback) or because the attacker filters DNS from the clients they attack or they choose to attack clients they know do not enable consistency checking or by selectively blocking connections... All depends on deployment details of course.

-tom

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
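
The probability argument in this exchange, worked through as an added example that is not part of the original thread: it computes how likely a set of lies goes unchecked when the lies reach clients at the population-average checking rate, and when the clients that see them check far less often than average. The segment names, shares and the skewed exposure below are constructed for illustration, and each lie is assumed to be checked independently.

```python
import math

# Constructed client population (illustrative numbers, not measurements):
# segment -> (share of all clients, fraction of SCTs that segment checks).
# The population-wide average is the 5% figure used in the thread.
SEGMENTS = {
    "auditing": (0.05, 1.00),
    "non_auditing": (0.95, 0.00),
}

def per_lie_check_rate(exposure):
    """Chance that one lie is checked, given exposure = {segment: share of lies it sees}."""
    if abs(sum(exposure.values()) - 1.0) > 1e-9:
        raise ValueError("exposure shares must sum to 1")
    return sum(share * SEGMENTS[seg][1] for seg, share in exposure.items())

def escape_probability(n_lies, check_rate):
    """Probability that none of n_lies independent lies is ever checked."""
    return (1.0 - check_rate) ** n_lies

def lies_until_detected(check_rate, confidence=0.99):
    """Smallest number of lies after which detection probability reaches `confidence`."""
    if check_rate <= 0.0:
        return math.inf  # no exposed client checks: no number of lies is enough
    if check_rate >= 1.0:
        return 1
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - check_rate))

# Lies spread over clients in proportion to the population (the random case).
UNIFORM = {seg: share for seg, (share, _) in SEGMENTS.items()}
# Constructed skew: almost every lie is seen by a client that does not check.
SKEWED = {"auditing": 0.001, "non_auditing": 0.999}

if __name__ == "__main__":
    for label, exposure in (("uniform", UNIFORM), ("skewed", SKEWED)):
        rate = per_lie_check_rate(exposure)
        print(f"{label}: per-lie check rate {rate:.3%}, "
              f"100 lies escape with p={escape_probability(100, rate):.4f}, "
              f"99% detection after {lies_until_detected(rate)} lies")
```

What drives detection is the checking rate among the clients that actually see the lie, so deployment coverage has to be measured per client population rather than as a global average.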
