Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] The Trouble with Certificate Transparency

Eduardo Robles Elvira edulix at
Sat Sep 27 01:16:20 PDT 2014

On Wed, Sep 24, 2014 at 8:10 PM, Greg <greg at> wrote:
> This post dissects some of the false and misleading statements that Google
> has been making publicly about their project called Certificate Transparency
> (CT).
> It shows how undetected MITM attacks still remain possible even if CT
> becomes widely deployed.
> Thanks for reading!
> Greg


As per the discussion in the trans mailing list, I think it all
depends on the attack/threat model. The key: If your web browser is
compromised, then you're fucked anyway. If your web browser is
compromised, then your web browser might just not check CT (or
DNSChain) at all, or show you buggy information.

So let's assume that the web browser is not compromised. You talk a
lot about a fraudulent Merkle tree in your post. A fraudulent merkle
tree that is based on a real one but diverging. But there are ways to
detect that fraud.

For example, browser updates might include merkle tree safe
checkpoints. And remember we're trusting the browser. This way, if the
merkle tree was diverging, we would detect it this way. You might say:
oh, but maybe the certificate of the browser website was compromised
so the update is also compromised. Well, web browsers like Chrome
(Firefox or others might do the same in the future) do some
certificate pinning for their own domains, so that would not be

Also, as others have noted, the idea of having multiple auditors, as
others have noted, is a market force for transparency that pushes
against the fraud. If browsers connects with N auditors, the MITM
would need to compromise all the auditors all the time. And anyone can
be an auditor. If one auditor one time notices anything funky going
on, that plot would be discovered and it would get to the news. That
doesn't seem to go very well for fraudsters, does it?

On the other hand, if the NSA wants to hack your computer, they
probably have like thousands of zero-days to target the software
either you or your Internet services might use, so you're fucked
anyway. Still, security and transparency measures like CT are
important for making things more difficult to them (and others). The
"transparency" idea is to apply the same tactics spy agencies uses to
them: we're not going to make your work impossible, but just so
difficult that it might not be worth to try, at least in most cases.
And it's just one more measure towards that goal (see [1] for


Eduardo Robles Elvira     @edulix             skype: edulix2       @agoravoting     +34 634 571 634

More information about the liberationtech mailing list