Diffstat (limited to 'summary/src/ctor/src/abstract.tex')
-rw-r--r-- | summary/src/ctor/src/abstract.tex | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/summary/src/ctor/src/abstract.tex b/summary/src/ctor/src/abstract.tex new file mode 100644 index 0000000..718c939 --- /dev/null +++ b/summary/src/ctor/src/abstract.tex 
@@ -0,0 +1,30 @@ +\noindent +The security of the web improved greatly throughout the last couple of years. +A large majority of the web is now served encrypted as part of HTTPS, and +web browsers accordingly moved from positive to negative security indicators +that warn the user if a connection is insecure. A secure connection requires +that the server presents a valid certificate that binds the domain name in +question to a public key. A certificate used to be valid if signed by a trusted +Certificate Authority (CA), but web browsers like Google Chrome and +Apple's Safari have additionally started to mandate Certificate Transparency (CT) +logging to overcome the weakest-link security of the CA ecosystem. Tor and the +Firefox-based Tor Browser have yet to enforce CT. + +We present privacy-preserving and incrementally-deployable +designs that add support for CT in Tor. Our designs go beyond the currently +deployed CT enforcements that are based on blind trust: + if a user that uses Tor Browser is man-in-the-middled over HTTPS, + we probabilistically detect and disclose cryptographic evidence of CA and/or + CT log misbehavior. +The first design increment allows Tor to play a vital role in the overall goal +of CT: + detect mis-issued certificates and hold CAs accountable. +We achieve this by randomly cross-logging a subset of certificates into other CT +logs. The final increments hold misbehaving CT logs accountable, initially +assuming that some logs are benign and then without any such assumption. +Given that the current CT deployment lacks strong mechanisms to verify if log +operators play by the rules, exposing misbehavior is important for the web in +general and not just Tor. The full design turns Tor into a system for +maintaining a probabilistically-verified view of the CT log ecosystem available +from Tor's consensus. Each increment leading up to it preserves privacy due to +and how we use Tor. |
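Review bot: the closing sentence of the hunk, "Each increment leading up to it preserves privacy due to and how we use Tor.", is missing the object of "due to"; it is the one sentence that states the privacy argument of the abstract, so it should name which property of Tor the privacy of each increment rests on before "and how we use Tor". Two smaller points in the same hunk: "throughout the last couple of years" is vague for an abstract that otherwise makes precise claims (a concrete time frame or a citable figure for the HTTPS share would strengthen the opening), and the indented "if a user that uses Tor Browser is man-in-the-middled over HTTPS" block relies on leading spaces in the source only, which LaTeX ignores, so if the indentation is meant to render it should use a quote environment or similar.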