[Cryptography] Google E2E (was: Any opinions on keybase.io?)

Guido Witmond guido at witmond.nl
Thu Dec 18 06:25:04 EST 2014

On 12/17/14 18:26, Tony Arcieri wrote:
> In an E2E-like system, Johnny's computer stores the private key, not the
> provider. The threat which would circumvent the encryption is a MitM
> attack perpetrated by the key-directory-who-is-also-his-email-provider.
> If we want to detect this attack without Johnny having to know about
> keys, we need a way that Johnny's agent can detect that the directory is
> misadvertising his public key to others without forcing Johnny to go
> through a key verification process with the people he's communicating with.

I've came up with a protocol that lets the user agents detect if their
key-directory is MitMing them.

It takes a round trip of one message each and sufficient time to
propagate the certificates though the out-of-bound
certificate--uniqueness-validation-service. I've called it the registry
of dishonesty....

The beauty of validation service is this:

The agents need to validate this MitM-status only at the moment the two
users want to communicate. After it is clear that there is no MitM, the
agents record that fact and remember it. The agents make sure to always
use the proven certificate to encrypt messages to the other. There is no
way for the key-server-annex-email-provider to MitM these two endpoints

Here's the requirements for such a validation service:

With regards, Guido Witmond

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141218/95f79d2b/attachment.sig>

More information about the cryptography mailing list