On 10/03/2014 07:02 PM, Tao Effect wrote:
> The other is simply the traditional TLS MITM attack wherein a CA
> issues a fraudulent cert (the primary impetus for CT). .... None of
> CT’s proofs (audit or consistency proofs) will detect mis-issuance of
> a certificate by a rogue CA, not even if gossip of STHs
> (signed-tree-heads) successfully occurs.
Is this not, at its heart, the same issue we have been discussing here at length? Namely, that ultimately only you know the correct key for you. This is true for server keys, and true for user keys.

Personally, I am comfortable with this limitation when it comes to traditional CT but have doubts about it when it comes to a CT-like user key system. It seems more reasonable to expect sysadmins to practice higher diligence and know what to do with a funky log. Also, third parties have more opportunities for auditing since they can just ask the server at any time what key the server is using. Obviously, this doesn't help if all connections to a server are MiTM'ed, but it is useful otherwise.

On 10/03/2014 07:02 PM, Tao Effect wrote:
>> (1) do you agree that once correctly authenticated connections are
>> established with monitors that future mitm will be prevented (connection
>> will fail close, system will refuse to work)?
>
> I'm not sure what you mean by "future mitm" (could you elaborate? is
> this referring to before-the-fact? for the same website? same MITM?).

I mean, a mitm between an auditor and a monitor that takes place at some point in time after the auditor and the monitor have successfully communicated without interference.

-elijah

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
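The point quoted at the top of the message, that a CT audit proof says nothing about whether a certificate should have been issued, is easy to see in code. The following is an added illustration, not code from the list thread or from any CT implementation: it builds an RFC 6962-style Merkle tree over a constructed set of log entries (each just a domain name and a key fingerprint), generates and verifies inclusion proofs, and then runs a minimal "monitor" for one domain. The entry labelled mis-issued is an assumed example, and the key ids and domains are made up; the monitor's notion of "known keys" stands in for the "only you know the correct key for you" step that no proof can replace.

```python
import hashlib
from typing import List, Set, Tuple

# Constructed sample log entries: (domain, key fingerprint). The last entry is an
# assumed mis-issued certificate for example.com carrying a key its owner never had.
# The log accepted it like any other entry, so its inclusion proof is perfectly valid.
LOG_ENTRIES: List[Tuple[str, str]] = [
    ("example.com", "key-A"),
    ("example.net", "key-N1"),
    ("example.org", "key-O1"),
    ("example.net", "key-N2"),
    ("example.com", "key-X"),   # assumed mis-issued: valid log entry, wrong key
]


def encode_entry(domain: str, key_id: str) -> bytes:
    """Serialise one (domain, key) pair as the leaf data the log hashes."""
    return f"{domain}|{key_id}".encode()


def leaf_hash(data: bytes) -> bytes:
    """RFC 6962 leaf hash: 0x00 prefix separates leaves from interior nodes."""
    return hashlib.sha256(b"\x00" + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node hash with 0x01 prefix."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split_point(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962 tree layout)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: List[bytes]) -> bytes:
    """Merkle Tree Hash (MTH) over the given leaf data."""
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = _split_point(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: List[bytes], index: int) -> List[bytes]:
    """Audit path for leaves[index], built recursively as in RFC 6962 PATH()."""
    if len(leaves) == 1:
        return []
    k = _split_point(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     proof: List[bytes], root: bytes) -> bool:
    """Check an audit path against a tree head (RFC 6962 / 9162 verification)."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(leaf)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            if not fn & 1:  # we were a left child of a lone right-hand node
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


def monitor_domain(entries: List[Tuple[str, str]], domain: str,
                   known_keys: Set[str]) -> List[int]:
    """Indices of entries for `domain` whose key the domain owner does not recognise.

    This is the check only the key owner can perform; the log's proofs cannot."""
    return [i for i, (d, k) in enumerate(entries) if d == domain and k not in known_keys]


def demo() -> Tuple[bool, List[int]]:
    """Return (all inclusion proofs valid, indices flagged by example.com's monitor)."""
    leaves = [encode_entry(d, k) for d, k in LOG_ENTRIES]
    root = merkle_root(leaves)
    proofs_ok = all(
        verify_inclusion(leaves[i], i, len(leaves), inclusion_proof(leaves, i), root)
        for i in range(len(leaves))
    )
    suspicious = monitor_domain(LOG_ENTRIES, "example.com", {"key-A"})
    return proofs_ok, suspicious


if __name__ == "__main__":
    ok, flagged = demo()
    print("every entry has a valid inclusion proof:", ok)
    print("entries example.com's owner does not recognise:", flagged)
```

Running it shows both halves of the argument at once: every entry, the mis-issued one included, verifies against the tree head, and the only thing that singles out entry 4 is the owner's own list of keys. Gossiping the tree head between auditors and monitors would catch a log that shows different trees to different parties; it would not change the result here, because this log is telling everyone the same truth about an entry that should never have existed.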
