<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">Context:</div><div class="gmail_quote"><br></div><div class="gmail_quote"><a href="https://github.com/google/end-to-end">https://github.com/google/end-to-end</a><br></div><div class="gmail_quote"><a href="http://www.infoworld.com/article/2860435/security/googles-work-on-full-encryption-chugs-along-with-yahoos-help.html">http://www.infoworld.com/article/2860435/security/googles-work-on-full-encryption-chugs-along-with-yahoos-help.html</a><br></div><div class="gmail_quote"><a href="http://www.technologyreview.com/view/533456/people-want-safe-communications-not-usable-cryptography/">http://www.technologyreview.com/view/533456/people-want-safe-communications-not-usable-cryptography/</a><br></div><div class="gmail_quote"><br></div><div class="gmail_quote">On Wed, Dec 17, 2014 at 3:31 AM, Ralf Senderek <span dir="ltr"><<a href="mailto:crypto@senderek.ie" target="_blank" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=crypto@senderek.ie&cc=&bcc=&su=&body=','_blank');return false;">crypto@senderek.ie</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Without Johnny controlling (at least part of) the encryption key there is<br>
no assurance of security for Johnny and that's why it cannot happen to<br>
him transparently.</blockquote><div><br></div><div>In an E2E-like system, Johnny's computer stores the private key, not the provider. The threat which would circumvent the encryption is a MitM attack perpetrated by the key-directory-who-is-also-his-email-provider.</div><div><br></div><div>If we want to detect this attack without Johnny having to know about keys, we need a way that Johnny's agent can detect that the directory is misadvertising his public key to others without forcing Johnny to go through a key verification process with the people he's communicating with.</div><div><br></div><div>On Wed, Dec 17, 2014 at 7:53 AM, Paul Hoffman <span dir="ltr"><<a href="mailto:paul.hoffman@vpnc.org" target="_blank" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=paul.hoffman@vpnc.org&cc=&bcc=&su=&body=','_blank');return false;">paul.hoffman@vpnc.org</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Yep, and AFAICT, it is equally terrible to <a href="http://keybase.io/" target="_blank">keybase.io</a>. (More or less depending on whether you trust Google and Yahoo...)<br></blockquote><div><br></div><div>I agree it would be bad if we had to trust Google or Yahoo, but in this capacity they're not acting much different from an SKS keyserver. The only differences would be we select which keyserver to use to obtain Johnny's public key based on Johnny's email address, and Johnny has to authenticate so his agent can manage his public key automatically on his behalf.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">> Google proposed a CT-like transparency protocol which would help users identify if their directory misadvertized their keys:<br><br></span>That doesn't help Johnny encrypt his personal communications. It's good stuff, but orthogonal to this thread.</blockquote></div><div><br></div><div>Okay, new thread created!</div><div><br></div><div>A MitM attack is the only failure mode of this system. Until it happens, Johnny doesn't have to concern himself with the encryption.</div><div><br></div><div>When it happens, the system (or rather, Johnny's agent auditing public logs and gossiping via encrypted email messages) tries to detect it and inform Johnny . Whether this is useful information to Johnny remains to be seen...</div><div><br></div></div>-- <br><div class="gmail_signature">Tony Arcieri<br></div>
</div></div>