Timeline for Ongoing effort to detect MitM attack on TLS?
Current License: CC BY-SA 4.0
8 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 27, 2021 at 18:07 | comment | added | Joshua | And if the MITM guy blocks access to the logs outright? | |
| Apr 27, 2021 at 14:48 | vote | accept | fgrieu | ||
| Apr 27, 2021 at 11:58 | comment | added | nobody | @BrianMcCutchon The browser doesn't download/query the log itself (that would put a ginormous load on the log servers). Instead it just checks if the certificate has an SCT (which is basically a signed statement by the log operator that the certificate has been added to the log). SCT auditing is then required to ensure the log operator didn't issue a fake SCT (currently I think only Chrome does SCT auditing for some clients, but even that confers herd immunity against at least mass MitMs). | |
| Apr 27, 2021 at 10:22 | comment | added | Margaret Bloom | I don't remember the exact working of CT (correct me) but the browser usually checks if a certificate (identified by its hash) exists in the log through Merkle's proof. It doesn't check if another certificate for the same domain exists. The fake copy will be noticed by the real owner of the domain but it is probably too late to prevent the attack as they have to go through the CRL. | |
| Apr 27, 2021 at 5:47 | comment | added | fgrieu | @Brian McCutchon: If M knows what B does and can alter any avenue of communication to B and does so properly, then M can't be caught. That's why in the question's 1 and 2 I posit a channel with integrity, and in 3 a channel that is covert w.r.t. M. | |
| Apr 27, 2021 at 0:32 | comment | added | Brian McCutchon | What if M only adds it to the log when the log is in transit to B's browser? So B sees it in the log, but A doesn't. | |
| Apr 26, 2021 at 12:19 | comment | added | fgrieu | I came across crt.sh which seems sort of usable for that "certificate transparency". | |
| Apr 26, 2021 at 10:32 | history | answered | Sjoerd | CC BY-SA 4.0 |