[cryptography] The Trouble with Certificate Transparency

Greg greg at kinostudios.com
Fri Sep 26 21:52:34 EDT 2014


Dear Nicolai,

On Sep 25, 2014, at 8:29 PM, Nicolai <nicolai-cryptography at chocolatine.org> wrote:

> It seems to me that CT could benefit security only in a "trickle down"
> sense: if a cert is improperly issued against a major domain like
> google.com, that CA can be punished by Chromium/Chrome, with the logs
> providing political/legal cover.  And maybe the benefit trickles down.
> 
> But what about normal people?  I have to check up to 1000 different logs
> to see if I've been attacked?  And if I find out that's the case, would
> people care about little old me enough to burn a CA such as Comodo?
> 
> It seems CT could potentially be of benefit to some large organizations
> while having little to no impact on ordinary people like myself.  If
> that's wrong I'd like to know how/why.

That is a remarkably insightful observation that I did not think of myself, and so far as I know it's a criticism of CT that no one has brought up before. Thank you for that.

> I have to check up to 1000 different logs to see if I've been attacked?


I am not sure. The RFC sure seems to imply that, but the problem is that Google hasn't finished specifying how gossip works, and depending on how they do it, it may or may not change what most domain owners need to do.

For the sake of argument, let's give Google the benefit of the doubt and assume that gossip turns out to be 99% reliable at detecting attacks post-facto.

There still remains a problem: what now?

This the other question you asked:

> And if I find out that's the case, would people care about little old me enough to burn a CA such as Comodo?


I think it depends on the situation, and the frequency with which "malfunctions" occur.

If malfunctions occur to "little old me"'s infrequently, I suspect little will be done.

When I detected what was most likely a MITM attack on me, and provided evidence of it [1], nothing was done.

[1] https://twitter.com/taoeffect/status/463378963901849600

Now, let's throw Google yet another bone, and let's say that people behave differently for some reason than they've done so far, and they actually care and raise a ruckus about it.

For some people, this ruckus will come too late, and will be of no benefit.

CT doesn't prevent MITM attacks. Damage will have been done.

> When LibreSSL has a non-preview release or two under its belt I'd like
> to try DNSChain, but for now I'm unwilling to touch major TLS libraries.
> DNSChain and MinimaLT seem like they could be a great match...


Yes... someone brought that up before... :)

http://arxiv.org/abs/1407.6453

Is there someone out there who would like to help us make that into a reality? Get in touch:

https://github.com/okTurtles/dnschain/blob/master/README.md#Community

Thanks again for your comment!

Kind regards,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140926/d6211ef5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140926/d6211ef5/attachment-0001.asc>


More information about the cryptography mailing list