by tptacek 4328 days ago
I'm baffled by that attitude (and CT, as well). So, you found out after the fact that the global adversary injected themselves in the middle of your conversation with a source. What do you do now? Move to an apartment in Russia?

Also the things that break transparently-keyed systems do so repeatedly. That's what transparent keying means: it's mediated by machines, and factored the slow, clumsy, human interactions out. CT? Audit logs? It's like Lucy and Charlie Brown with the football, except Lucy is hooked up to a for() loop.

2 comments

  So, you found out after the fact that the
  global adversary injected themselves in
  the middle of your conversation with a
  source. What do you do now?

If you could reliably detect a CA issuing MITM certs to the global adversary, and if some unstoppable mechanism would respond to such detections by promptly dropping the CA's cert from clients' trust roots, and if being dropped from the trust roots put the CA out of business, then it would be extremely difficult to induce a CA to issue MITM certs.

What is CT in this context?

I believe it's Certificate Transparency, a Google project for globally monitoring SSL certificates.

http://www.certificate-transparency.org/