[mjg59]

Most browsers will reject such a certificate. See https://googlechrome.github.io/CertificateTransparency/ct_po... for the policy Chrome imposes - my understanding is that Safari is broadly similar. Right now I don't think Firefox performs this validation, so this is possible if you know in advance that your target runs Firefox.

[matthew9219]

That page explains that Chrome (which is best in class here - most IOT devices don't do any of this stuff) fails open:

> If the installed version of Chrome has not applied security updates and has been unable to obtain an updated CT log list from the Component Updater for 70 days or more, then CT enforcement will be disabled.

That means a global adversary need merely block the update channel to targeted devices and wait. How will a Smart TV behave?

[mjg59]

You're moving the goalposts to a ridiculous degree. Chrome will be incredibly angry at you if you haven't updated in 70 days. How will a smart TV behave? I've no idea. It's probably not paying any attention to dnssec (otherwise pihole and co wouldn't work), so I don't think you're presenting a credible alternative.

[matthew9219]

That's just not what's happening. Reread the conversation. I started from here:

> Certificate transparency is cool, but it's not clear it really works for many classes of devices

Smart TVs aren't some gotcha I'm throwing in at the end. It's literally the first thing I said about CT. CT works ok for mobile phones, laptops, and other devices where you can make certain assumptions about multiple networks and frequent updates. If you want a technology that doesn't require these assumptions, you want DNSSec.

[mjg59]

Once you've got a 70 day old browser you're just waiting for it to hit one domain you can MITM or serve content from and then you've got arbitrary code execution and who cares whether dnssec is involved or not. Attacking CT is just not the threat model to be concerned about.

[matthew9219]

The example I gave was a router or gaming system updating itself (e.g. using CUrl) not a full browser. Don't strawman please - if my argument is as weak as you say, you shouldn't need to.

I want a version of Web PKI strong enough that I can turn off my tablet for a year, turn it back on in a coffee shop, apply automatic updates, and not have my web traffic monitored, even if I'm gay and the coffee shop is in Saudi Arabia.

From what I can see, DNSSec+CAA+.com+US CA+US hosting for the Android update server does the trick. No version of CT does.

[mjg59]

The Play Store has cert pinning, so this all works just fine in the scenario you're describing.