On 09/24/2014 11:08 AM, Tao Effect wrote:
> I've finally taken the time to explain via diagrams and many words how
> undetected MITM attacks can happen with Certificate Transparency.

It strikes me that you are not allowing for any distinction between a MiTM attack that happens once, and a MiTM attack that is only successful if it can be carried off from the moment a computer first contacts the internet (and carried on forever if the attacker doesn't want to be detected). What scenario do you have in mind where the latter is possible?

Also, if browsers contain auditors, why can't these auditors be pre-seeded with the hash of different logs at the time the browser was compiled?

-elijah
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
