Certificate Transparency and jabber.ru-mitm

[Andrew Aitchison]

On the mailop mail manager's list there has been some talk about https://notes.valdikss.org.ru/jabber.ru-mitm/

which was a successful meddler-in-the-middle attack on a tls secured XMPP service.

I know enough to know that Certificate Transparency exists and is in active use, but little more. Can anymore tell me whether CT would or should have alerted users of this service to the MiTM, and whether there are lessons that either CT or Jabber users should learn from this ?

Thanks,

[Maria Merkel]

CT wouldn't have alerted *users* to this issue, because the certificates were correctly logged and issued, however the operator of the service could have subscribed to a CT monitor and be notified about the new certificates being issued.

Users of services could similarly subscribe to monitors, but the information is less useful for them because they would have no way of confirming if the issuance was intended by the domain owner or not.

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/4b7e084f-e3e2-4621-9e75-4692f36b4ba5n%40googlegroups.com.