[cabfpub] Pre-Ballot - Short-Life Certificates
sigbjorn at opera.com
Mon Nov 24 06:13:17 MST 2014
On 19-Nov-14 22:04, Ben Laurie wrote:
> On Wed Nov 19 2014 at 7:51:18 PM Sigbjørn Vik <sigbjorn at opera.com
> <mailto:sigbjorn at opera.com>> wrote:
> Short answer: The client needs to securely download a single recent
> hash/timestamp combination. Most likely this would be done from a vendor
> server. All vendors have a lot of servers that the clients routinely
> connect to anyway, and trust in the client implies trust in those
> servers. Most likely the client would download the entire list from a
> trusted server, but a single combination is all that is required.
> This is no better than saying that the client securely downloads the
> current time - which would not only solve the original problem, but a
> whole bunch of others.
Downloading the current time and a three days old hash, is functionally
equivalent to downloading a three days old hash along with its
timestamp, agreed :)
If you agree that this solves the original problem, then let's just
conclude problem solved :) This is really a deep corner case of the
original proposal, but I am glad we could resolve it anyhow. Snipping
any further discussions about this.
> But the problem is: suppose I (the attacker) don't care that all your
> other connections fail?
> More seriously: if I am the victim of such an attack (not a log fork,
> but a rollback), how would I prove it?
If you are given a signed copy of a log by someone, and that signed copy
doesn't match the actual log, then you have proof to incriminate the signer.
More information about the Public