The impact of MitM attack in CT


Jin Tong

Oct 4, 2025, 12:31:00 AM
to Certificate Transparency Policy

Hello everyone,

I'd like to discuss the potential impacts of a man-in-the-middle (MitM) attacker in the CT system after a fraudulent certificate is issued. I hope someone can provide answers or recommend relevant materials addressing these questions:

  1. After a fraudulent certificate is discovered, how long does it typically take to remove the fraudulent certificate and the associated CA to eliminate potential MitM attacks?

  2. State-level MitM attacks often involve hijacking critical network nodes, suggesting such attacks typically exhibit geographic characteristics. Is it reasonable to assume that for most countries or regions, at least one victim node would escape the compromised environment within a day (e.g., by using a VPN or relocating their physical location)? If not, what would be a more accurate timeframe?

Sincerely looking forward to your reply,
Jin Tong

Ben Laurie

Oct 4, 2025, 12:58:05 AM
to Jin Tong, Certificate Transparency Policy

This is not a question about CT but rather about CAs and browsers.

The incident that triggered the deployment of CT in the first place is a case study of exactly what you are asking about: https://en.wikipedia.org/wiki/DigiNotar.

--
You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/b4154dae-0e81-4c4e-b988-f5ad6682de75n%40chromium.org.