[Cryptography] The Mesh

Ralf Senderek crypto at senderek.ie
Fri Jul 10 14:45:21 EDT 2015

On Fri, 10 Jul 2015 01:32:55 Phillip Hallam-Baker wrote:

> The mesh does not do any cryptography at all, it is just a dropbox
> for exchanging small quantities of crypto info. So in the above 
> example, the admin machine pulls the S/MIME and OpenPGP decryption keys
> that the device is going to need to read emails and encrypts them under 
> the device key and uploads the profile to the mesh.

I understand that the mesh is something like a cloud storage for encrypted
keys the user needs on different devices. It just makes the keys available
wherever they might get used. But doesn't that mean the secret keys must
be stored in the devices in plain text? Or, if you use passwords to
protect them, you'd run into all kinds of key management problems
(forgotten passphrases etc.).

The administration device at least must store the personal PKI's root
signing key to be able to chain-in all other certificates a user might
need. If you'd use a password for protection here, that'll be entirely
necessary. So, if someone else's email cert has been accepted and
chained, signed and uploaded to the mesh, it is available on all the
devices, but how do you make sure that the right cert is being
accepted by the personal PKI? I suspect you'll run into all the
well-known difficulties that make key management an unfriendly
task for the ordinary user.


