
In class, we have seen a recent proposal called Certificate Transparency (CT)

Computer Science

In class, we have seen a recent proposal called Certificate Transparency (CT). In order for CT to be effective to counter threats related to PKI, the ecosystem is essential.

  1. [10 points] To offer better incentive for monitors, a (hypothetical) insurance company InsuredCert starts a new certificate insurance business. When issuing a legitimate certificate CertcD for a domain D, a CA C purchases an insurance policy P from InsuredCert, say at the insurance premium of S$1,000. The policy P clearly states the incentives and penalties regarding any misissued certificates, i.e., any certificate for D issued by C that is different from CertcD. The policy P specifies that InsuredCert shall refund most of the insurance premium (e.g., S$900) paid by C, if no misissued certificates are detected for a stated period of time, say 1 year. If any misissued certificates are found in CT and reported by any monitor during this period, InsuredCert shall pay the same amount (i.e., $900 in this example) to the monitor that first reports the misissued certificate.

The rationale behind this insurance product is as follows:

 

— CA C is incentivized to do its best to prevent the issuance of unauthorized certificates for the domain D as it wishes to get the refund.

— The domain owner of D would likely choose CA C for issuing new certificates over other CAs because C is incentivized to protect its certificate signing key (to prevent misissuance). Other CAs with no such insurance may lose their signing keys, resulting in misissued certificates, without any economic loss, albeit with some damage to their reputation.

— Third party monitors are economically incentivized to actively monitor CT and report any misissued certificate to InsuredCert before others do so.

 

For the purpose of this, we assume that InsuredCert is trustworthy. This insurance policy, however, has a security concern. Describe one security concern when C itself is malicious. (Hint: show an attack that allows C to intentionally "misissue" a certificate without significant monetary penalty.)


Answer Preview

Certificate Transparency is an open framework for monitoring SSL Certificates. Domain owners may find it useful to monitor certificate issuance for their domain and use that to detect misissued certificates.

The Certificate Transparency framework means misissued certificates can be detected quickly and efficiently as compared to the old system where rogue certificates could be left in the wild to wreak havoc for weeks or months before being discovered. Early detection of suspect certificates allows CAs and domain owners alike to act quickly and revoke the certificates.

Step-by-step explanation

 

b) Now let us assume that all browsers never accept certificates that are not on CT. A monitor is an entity that checks a certificate log to detect malicious certificates. Please explain how monitors help detect a malicious certificate issued for a phishing domain (e.g., accounts.google.co.am).

 

c) To offer better incentive for monitors, a (hypothetical) insurance company InsuredCert starts a new certificate insurance business. When insuring a legitimate certificate CertcD for a domain D, a CA C purchases an insurance policy P from InsuredCert, say at an insurance premium of S$1,000. The policy P clearly states the incentive and penalty regarding any misissued certificates
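The monitor's side of parts b) and c), as an added example that is not part of the original question or answer: it scans log entries in order, flags a certificate for the watched domain whose fingerprint differs from the legitimate one (the policy's definition of misissued), and flags a look-alike name such as accounts.google.co.am. Assumptions: the watched domain is google.com (inferred from the page's phishing example), the log entries are constructed and reduced to a few fields, the look-alike test is a simple label heuristic, and all function names are hypothetical.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """SHA-256 over the certificate bytes, as a monitor would pin it."""
    return hashlib.sha256(der).hexdigest()

def base_name(san: str) -> str:
    """Lower-case a SAN and drop a leading wildcard label."""
    san = san.lower()
    return san[2:] if san.startswith("*.") else san

def covers(san: str, domain: str) -> bool:
    """True if the SAN names the watched domain or one of its subdomains."""
    name = base_name(san)
    return name == domain or name.endswith("." + domain)

def lookalike(san: str, domain: str) -> bool:
    """Assumed heuristic: the brand label appears outside the watched domain."""
    brand = domain.split(".")[0]
    return brand in base_name(san).split(".") and not covers(san, domain)

def scan(entries, domain, known_good):
    """Return (index, issuer, san, verdict) for each suspicious entry, in log order."""
    findings = []
    for e in entries:
        for san in e["sans"]:
            if covers(san, domain) and fingerprint(e["der"]) not in known_good:
                findings.append((e["index"], e["issuer"], san, "misissued"))
            elif lookalike(san, domain):
                findings.append((e["index"], e["issuer"], san, "lookalike"))
    return findings

# Constructed sample entries (placeholder bytes stand in for DER certificates).
LEGIT = b"constructed-cert-legit"
LOG = [
    {"index": 101, "issuer": "CA C", "sans": ["accounts.google.com"], "der": LEGIT},
    {"index": 102, "issuer": "CA C", "sans": ["accounts.google.com"], "der": b"constructed-cert-other"},
    {"index": 103, "issuer": "CA X", "sans": ["accounts.google.co.am"], "der": b"constructed-cert-phish"},
    {"index": 104, "issuer": "CA X", "sans": ["example.org"], "der": b"constructed-cert-unrelated"},
]

if __name__ == "__main__":
    for finding in scan(LOG, "google.com", {fingerprint(LEGIT)}):
        print(finding)
```

Findings come back in log order and carry the issuer, so the earliest entry for a given certificate identifies both what to report and which CA signed it.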
