undefined | Better HN

0 pointsjchw2y ago0 comments

Certificate Transparency really serves the end user.

Because the most popular browsers (at least Chrome and Safari) generally require CT logged certificates, if you want to successfully perform a MitM attack against any user, even just some individual user, even controlling a CA, you still can't do so without publishing your fraudulent certificate to a CT log.

This is the important function of the CT log. It is an effective balance against compromised CAs and governments that might abuse CAs, because it causes such attacks to become quickly tamper-evident.

I don't think it would be possible for a system like this to be effective without publishing the actual certificate to the log.

0 comments

vbezhenar2y ago

I don't follow your threat model.

Let's say that browser is fine with CT if either leaf or intermediate certificate is logged.

If you need to issue fake certificate, you need to either log it, or you need to issue fake intermediate certificate and log it.

Either way it's visible to website owner (and other people likely won't care anyway).

jchwOP2y ago

It would be completely possible to do it that way, but doing it this way ensures that at no point does certificate issuance become opaque and impossible to scrutinize. We want to ensure that CAs follow certain rules, and CT logs are one way to do this. For example, a CA should not issue a certificate with a forged "not before" time. There are certainly many more cases like this.

Public CT logs mean that the property of transparent certificate issuance extends to the entire Internet, which is good. If you want private certs, you can use a private CA and deploy it to the machines in your domain. Totally reasonable alternative in my opinion.

j / k navigate · click thread line to collapse