WingNews logo WingNews
top | item 47099179

(no title)

rawling | 8 days ago

Is it not possible to create a non-repudiable archive of what a website served, when, entirely locally i.e. not relying on some third party site who might disappear or turn out to be unreliable?

Could you not in theory record the whole TLS transaction? Can it not be replayed later and re-verified?

Up until an old certificate leaks or is broken and you can fake anything "from back when it was valid", I guess.

discuss

order

arboles|8 days ago

I don't know, but archive sites could at least publish hashes of the content at archive time. This could be used to prove an archive wasn't tampered with later. I'm pretty underwhelmed by the Wayback Machine (archive.org), it's no better technically than archive.today.

armchairhacker|8 days ago

How do you ensure the tampered content isn’t re-hashed? Usually if you’re saving the hash in advance, you can save the whole archived page. Otherwise, you can use a regular archive service then hash the archived page yourself.

The only way I know to ensure an archive isn’t tampered is to re-archive it. If you sent a site to archive.today, archive.org, megalodon.jp, and ghostarchive.org, it’s unlikely that all will be tampered in the same way.

justincormack|8 days ago

Unfortunately you can't usefully replay TLS and be able to validate it, so no that does not work. Best strategy would probably be a public transparency log, but websites are pretty variable and dynamic so this would be unlikely to work for many.

octoberfranklin|8 days ago

Actually you can! After all, TLS lacks the deniability features of more advanced cryptosystems (like OTR or Signal).

The technology for doing this is called a Zero Knowledge Proof TLS Oracle:

https://eprint.iacr.org/2024/447.pdf

https://tlsnotary.org

The 10k-foot view is that you pick the random numbers involved in the TLS handshake in a deterministic way, much like how zk proofs use the Fiat-Shamir transform. In other words, instead of using true randomness, you use some hash of the transcript of the handshake so far (sort of). Since TLS doesn't do client authentication the DH exchange involves randomness from the client.

For all the blockchain haters out there: cryptocurrency is the reason this technology exists. Be thankful.