does CT help with MiTM mitigation?

[alvin]

People used HPKP/Cert pinning to defend against MiTM attacks in native mobile apps.

Does CT help with preventing MiTM attacks?

This article thinks NO: https://medium.com/@certledger/a-security-issue-with-chromes-certificate-transparency-and-prevention-through-certledger-f511cd02fe2b

[Ben Laurie]

"Decentralised" blockchains are also vulnerable to split world attacks. That's practically the definition of "decentralised".

 

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/9664b94f-db6a-49ba-90f0-3923deedd7c1%40googlegroups.com.

[Matt Palmer]

No, that article is just blockchain snake oil. It can be safely ignored.

- Matt

[al so]

Does CT help with preventing MiTM attacks?

If Yes, how (in the context of how cert pinning help prevent MiTM as there are many MiTM vectors)? Besides help prevent CA abuse from CT.

--
You received this message because you are subscribed to a topic in the Google Groups "certificate-transparency" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/certificate-transparency/Dopv9mwbh2g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/20200323101601.5ahgwh5ykuggww3h%40hezmatt.org.

[Corey Bonnell]

No, CT does not prevent MiTM attacks. In the best case scenario, user agents (such as Chrome) enforce that certificates are logged to CT so that maybe at some point in the future any MiTM shenanigans are detected, but there is no mechanism in CT that can detect certs used for MiTM purposes and abort the TLS connection.

 

In other words, CT may provide evidence of a MiTM attack that has already occurred or is ongoing, but nothing that prevents said attack.

 

Thanks,

Corey

--

You received this message because you are subscribed to the Google Groups "certificate-transparency" group.

To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/CAJrqK%3D15pV%3DWrUmBa60ZbYP32HrguLYFkLTUHQtC9vKQ5WZp%3Dg%40mail.gmail.com.

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.