[cabfpub] Pre-Ballot - Short-Life Certificates

Sigbjørn Vik sigbjorn at opera.com
Mon Nov 24 13:13:17 UTC 2014

On 19-Nov-14 22:04, Ben Laurie wrote:
> On Wed Nov 19 2014 at 7:51:18 PM Sigbjørn Vik <sigbjorn at opera.com> wrote:
>     Short answer: The client needs to securely download a single recent
>     hash/timestamp combination. Most likely this would be done from a vendor
>     server. All vendors have a lot of servers that the clients routinely
>     connect to anyway, and trust in the client implies trust in those
>     servers. Most likely the client would download the entire list from a
>     trusted server, but a single combination is all that is required.
> This is no better than saying that the client securely downloads the
> current time - which would not only solve the original problem, but a
> whole bunch of others.

Downloading the current time and a three-day-old hash is functionally
equivalent to downloading a three-day-old hash along with its
timestamp, agreed :)

If you agree that this solves the original problem, then let's just
conclude problem solved :) This is really a deep corner case of the
original proposal, but I am glad we could resolve it anyhow. Snipping
any further discussions about this.


> But the problem is: suppose I (the attacker) don't care that all your
> other connections fail?
> More seriously: if I am the victim of such an attack (not a log fork,
> but a rollback), how would I prove it?

If you are given a signed copy of a log by someone, and that signed copy
doesn't match the actual log, then you have proof to incriminate the signer.

Sigbjørn Vik
Opera Software
