[messaging] Transparency for E2E encrypted messaging at a centralized service
michael at briarproject.org
Fri Mar 28 14:06:39 PDT 2014
On 27/03/14 17:47, Daniel Kahn Gillmor wrote:
> if all you care about is a MAC, then you don't need certification
> of the key out-of-band. stuffing any arbitrary signing key in-band
> with the message and a signature over it, and having the recipient
> verify the signature, will give you the equivalent of a MAC on an
> unsigned message.

No it won't. A man-in-the-middle can strip off the signing key and
signature, modify the body, and attach a new signing key and
signature. To prevent that, either the recipient has to recognise the
authentic signing key, or the signing key has to be certified by some
key that the recipient recognises. Either way, an out of band password
isn't sufficient to integrity-check the file.

With a MAC, on the other hand, the sender and recipient can derive
cipher and MAC keys from the password, so only the password needs to
be sent out of band.
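
The difference argued in the message above, as an added example that is not part of the original post: a recipient who trusts whatever signing key arrives in-band accepts a replaced body, while a recipient who pins the key, or who checks a MAC keyed from the out-of-band password, rejects it. Assumptions: a Lamport one-time signature built from SHA-256 stands in for the signature scheme so the code needs only the standard library, PBKDF2 and HMAC-SHA256 stand in for the unspecified key derivation and MAC, encryption is left out, and all function names and sample bodies are constructed.

```python
import hashlib, hmac, os

def H(b): return hashlib.sha256(b).digest()

def bits(body):  # the 256 bits of SHA-256(body), most significant first
    d = H(body)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature, standing in for any public-key signature scheme.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, body):
    return [sk[i][b] for i, b in enumerate(bits(body))]

def verify(pk, body, sig):
    return len(pk) == len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(body))))

def send_signed(body):  # needs no secret, so anyone on the path can call it
    sk, pk = keygen()
    return {"body": body, "key": pk, "sig": sign(sk, body)}

def accept_signed(msg, pinned_key=None):
    # pinned_key=None models a recipient who trusts whatever key arrived in-band.
    if pinned_key is not None and msg["key"] != pinned_key:
        return False
    return verify(msg["key"], msg["body"], msg["sig"])

def derive_keys(password, salt):  # PBKDF2 and its parameters are assumptions
    okm = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=64)
    return okm[:32], okm[32:]  # (cipher key, MAC key)

def send_mac(password, body):
    salt = os.urandom(16)
    _, mac_key = derive_keys(password, salt)  # cipher key unused: no encryption here
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return {"body": body, "salt": salt, "tag": tag}

def accept_mac(password, msg):
    _, mac_key = derive_keys(password, msg["salt"])
    expected = hmac.new(mac_key, msg["salt"] + msg["body"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg["tag"])

if __name__ == "__main__":
    sent, replaced = send_signed(b"original body"), send_signed(b"modified body")
    print(accept_signed(replaced), accept_signed(replaced, pinned_key=sent["key"]))
```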