[messaging] Whiteout Secure PGP Key Sync

David Leon Gil coruus at gmail.com
Wed Jul 23 08:17:10 PDT 2014

On Friday, July 18, 2014, Tankred Hase <tankred at whiteout.io> wrote:

> Thanks much for the link to the source! (But the license is too scary for
> me to actually read it; it appears to attempt to grant a license to people
> 'auditing' the code, but no-one else.)
> Yes. We're still figuring out our businessmodel, which is why we haven't
> finalized our licensing terms. Our IMAP/SMTP code is already MIT though:
> http://emailjs.org

That's really awesome re emailjs. I'll take a look!

I thought I'd mention this on-list, actually, for developers of other
commercial applications: The Affero GPLv3 was written to be helpful in this
case: it extends the GPL to server-side and web apps (users -- and thus the
original developers -- have a right to the source). (And there's no
particular need to release *all* of your app's source under that, even.)

> There is no easy answer here. I myself am a big fan of open source, but
> most FLOSS tools like GPG tools cannot provide what many non-technical
> users need, like professional support, hosting and other services. We're
> explicitely building a commercial product that people will want to pay for,
> since we're (hopefully) providing value to our users

I agree completely. Alas, the story of open-source crypto projects (w.r.t.
being adequately funded) has not historically been good. So I'm hoping you
manage to find a business model that works.

> First, a security model question:
> Suppose the following:
> (1)  I have access to the server's permanently stored material, but not
> the various ephemeral keys.
> (2)  I take a picture of a user while they're using the QR code option to
> transfer their master secret.
> What can I do next?
> Not sure what attack you're suggesting. Can you provide a more elaborate
> example.

Okay, sure. I'm NSA/FBI/BND/ANSSI. I want a user's private key. So I hack
into your servers, and get every encrypted private key you store.

What do I do next? Is just taking a picture[*] of the user transferring the
master key via the QR code option sufficient to decrypt what I got from
your server. Or do I also have to MitM a connection between their device
and your server? (The answer is hopefully the latter.)

[*] Note that, for QR codes, it's easy to do this at large scale. E.g., do
image processing of security camera footage.

Existing PGP key servers don't authenticate keys. The problem are listed
> here: http://en.m.wikipedia.org/wiki/Key_server_(cryptographic)

Okay. Now I get what you're doing! That's great.

(And I'm aware of the many key server issues...)

> Currently only certs used for our IMAP/SMTP stack are pinned, which is why
> you see a google ca for gmail. Since chrome support ssl pinning for the
> https stack, we might add pinning for requests to our *whiteout.io
> servers in a later version.

Well, at the very least, get on the pinlist at some point.

> The code and certs are deployed/installed via a packaged app (not
> webserver). More on this here:
> http://tankredhase.com/2014/04/13/heartbleed-and-javascript-crypto/

(Right, sorry, I was unclear: I thought that your endpoints might be
running on Appspot, and therefore that was your pin to the Google CA
Appspot uses.)

(Some more on the signature thing in a while.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140723/b870d61d/attachment.html>

More information about the Messaging mailing list