[cryptography] The Trouble with Certificate Transparency

Nicolai nicolai-cryptography at chocolatine.org
Sun Sep 28 19:25:03 EDT 2014


On Fri, Sep 26, 2014 at 06:52:34PM -0700, Greg wrote:

> This is the other question you asked:
> 
> > And if I find out that's the case, would people care about little old me enough to burn a CA such as Comodo?
> 
> 
> I think it depends on the situation, and the frequency with which "malfunctions" occur.
> 
> If malfunctions occur to "little old me"'s infrequently, I suspect little will be done.
> 
> When I detected what was most likely a MITM attack on me, and provided evidence of it [1], nothing was done.
> 
> [1] https://twitter.com/taoeffect/status/463378963901849600

"What happens now" is key here, but first --

It's hard to say if it was a MITM attack due to multiple moving parts,
and certificate revocation being another wrench thrown in, but I'd still
feel pretty creeped out if that was me.  I used to use Cert Patrol and
I'd get a warning whenever a cert changed, so I don't know why you
weren't notified.  It doesn't look good.

But as for the question of what now, past experience is the best
predictor.  That nothing was done in your case is totally expected.

No web browser wants to be the one that loses 25% of TLS sites (and thus
how many users?) by burning a major CA.  And it simply wouldn't happen
even if all browser makers agreed/colluded to drop the CA together.

For an especially egregious breach, a small CA could be burned, and this
has happened before.  But the beauty of it is that there are so many CAs
for attackers to choose from!  CT would allow the game to continue
while maybe changing the details a little.

Nicolai
