Lecture 18: Fork Consistency, Certificate Transparency

The podcast explores Certificate Transparency (CT), an audit system designed to enhance web security by making certificate issuance public and auditable. It addresses the vulnerabilities of the pre-1995 web, susceptible to man-in-the-middle attacks, and how certificates, SSL, and HTTPS aimed to solve them. However, the proliferation of certificate authorities led to instances of bogus certificates, prompting the need for transparency. CT enforces that all certificates are public, enabling monitors to detect rogue certificates, and uses Merkle trees to ensure log integrity. The discussion covers proofs of inclusion and consistency to prevent deletion and equivocation, and gossip protocols to detect forking. Despite potential issues, CT improves security by ensuring that malicious certificates are eventually detected.

Outlines

Part 1: Context, Historical Security

Part 2: Transparency, Audit Architecture

Part 3: Data Integrity, Merkle Trees

Part 4: Attack Prevention, Consistency

Part 5: System Resilience, Trust

Sign in to continue reading, translating and more.

Continue

MIT 6.824: Distributed Systems

Part 1: Context, Historical Security

Certificate Transparency: An Open System Approach to Internet Security

Man-in-the-Middle Attacks: Web Security Before Certificates

Certificates and Certificate Authorities: Thwarting Man-in-the-Middle Attacks

Part 2: Transparency, Audit Architecture

Certificate Transparency: An Audit System for Publicly Inspectable Certificates

Certificate Transparency Architecture: Log Servers, Monitors, and Browser Verification

Part 3: Data Integrity, Merkle Trees

Append-Only Logs and Merkle Trees: Ensuring Data Integrity in Certificate Transparency

Signed Tree Heads and Proof of Inclusion: Verifying Certificate Presence in the Log

Part 4: Attack Prevention, Consistency

Preventing Fork Attacks: Ensuring Log Consistency and Detecting Divergent Trees

Gossip Protocol and Log Consistency Proofs: Detecting Forked Logs

Fork Consistency: Preventing Browsers from Switching Away from Forked Logs

Part 5: System Resilience, Trust

Multiple Log Servers and Auditing: Addressing System Defects and Ensuring Trust

Lecture 18: Fork Consistency, Certificate Transparency

MIT 6.824: Distributed Systems

Part 1: Context, Historical Security

00:03Certificate Transparency: An Open System Approach to Internet Security

Certificate Transparency: An Open System Approach to Internet Security

01:22Man-in-the-Middle Attacks: Web Security Before Certificates

Man-in-the-Middle Attacks: Web Security Before Certificates

06:04Certificates and Certificate Authorities: Thwarting Man-in-the-Middle Attacks

Certificates and Certificate Authorities: Thwarting Man-in-the-Middle Attacks

Part 2: Transparency, Audit Architecture

14:00Certificate Transparency: An Audit System for Publicly Inspectable Certificates

Certificate Transparency: An Audit System for Publicly Inspectable Certificates

18:00Certificate Transparency Architecture: Log Servers, Monitors, and Browser Verification

Certificate Transparency Architecture: Log Servers, Monitors, and Browser Verification

Part 3: Data Integrity, Merkle Trees

24:44Append-Only Logs and Merkle Trees: Ensuring Data Integrity in Certificate Transparency

Append-Only Logs and Merkle Trees: Ensuring Data Integrity in Certificate Transparency

30:12Signed Tree Heads and Proof of Inclusion: Verifying Certificate Presence in the Log

Signed Tree Heads and Proof of Inclusion: Verifying Certificate Presence in the Log

Part 4: Attack Prevention, Consistency

39:31Preventing Fork Attacks: Ensuring Log Consistency and Detecting Divergent Trees

Preventing Fork Attacks: Ensuring Log Consistency and Detecting Divergent Trees

47:24Gossip Protocol and Log Consistency Proofs: Detecting Forked Logs

Gossip Protocol and Log Consistency Proofs: Detecting Forked Logs

53:50Fork Consistency: Preventing Browsers from Switching Away from Forked Logs

Fork Consistency: Preventing Browsers from Switching Away from Forked Logs

Part 5: System Resilience, Trust

1:02:54Multiple Log Servers and Auditing: Addressing System Defects and Ensuring Trust

Multiple Log Servers and Auditing: Addressing System Defects and Ensuring Trust