Hacker News

What's to stop an attacker from poisoning such a system: pretend to be a thousand different people all saying "Yep, the cert with signature 0xBADBADBAD was what I saw"? How does someone rotate certs without breaking all their existing clients?


Nothing stops an attacker from pretending to be a thousand different people, but there are a couple of obvious improvements you can make:

- Don't just check the certs you want to verify, but also check others, and publish your findings.

- Check with multiple alternative systems, so that the chance of

- Allow users to assign trust to third-party monitors that check the logs.

Rotating certs is not really a different problem than issuing them in the first place - it just requires you to not trust a cert indefinitely.
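As an added illustration of the reply above (my own example, not code from either commenter), the following sketch weighs each reported fingerprint by the trust a user has explicitly assigned to third-party monitors, and expires stale reports so a rotated cert stops being vouched for. The monitor names, hostname, fingerprints and time window are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

@dataclass(frozen=True)
class Observation:
    monitor: str       # reporter's identity: a monitor the user trusts, or anyone at all
    host: str          # hostname the cert was presented for
    fingerprint: str   # cert fingerprint as the reporter saw it (hypothetical values below)
    seen_at: int       # unix time of the observation

def trusted_weight(observations: Iterable[Observation], host: str,
                   trust: Dict[str, float], now: int, max_age: int) -> Dict[str, float]:
    """Sum the user-assigned trust behind each fingerprint reported for `host`.

    - Reports older than `max_age` are ignored, so the old cert drops out of the
      picture some time after rotation instead of being trusted indefinitely.
    - Each monitor counts at most once per fingerprint, and a reporter the user
      never assigned trust to contributes 0 no matter how many identities it uses.
    """
    voters: Dict[str, Set[str]] = defaultdict(set)
    for ob in observations:
        if ob.host != host or now - ob.seen_at > max_age:
            continue
        voters[ob.fingerprint].add(ob.monitor)
    return {fp: sum(trust.get(m, 0.0) for m in ms) for fp, ms in voters.items()}

def accept(presented: str, observations: Iterable[Observation], host: str,
           trust: Dict[str, float], now: int, max_age: int, threshold: float) -> bool:
    """Accept the presented fingerprint only if enough trusted weight vouches for it."""
    return trusted_weight(observations, host, trust, now, max_age).get(presented, 0.0) >= threshold

# Constructed sample data (not from the thread): three monitors the user trusts,
# plus a flood of throwaway identities all claiming to have seen an attacker's cert.
TRUST = {"monitor-a": 1.0, "monitor-b": 1.0, "monitor-c": 0.5}
NOW = 1_700_000_000
DAY = 86_400
OBS: List[Observation] = [Observation(f"sybil-{i}", "example.com", "BADBADBAD", NOW) for i in range(1000)]
OBS += [Observation(m, "example.com", "CAFEF00D", NOW - DAY) for m in TRUST]       # current cert
OBS += [Observation(m, "example.com", "0LDCERT", NOW - 40 * DAY) for m in TRUST]   # pre-rotation cert

if __name__ == "__main__":
    for fp in ("CAFEF00D", "BADBADBAD", "0LDCERT"):
        print(fp, accept(fp, OBS, "example.com", TRUST, NOW, 30 * DAY, 2.0))
```

The thousand sybil reports add up to zero weight because none of those identities was ever assigned trust, while the three trusted monitors alone clear the threshold for the current cert.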



