[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

yan yan at mit.edu
Thu Aug 28 11:39:34 PDT 2014


On 08/28/2014 09:04 AM, Adam Langley wrote:
> On Wed, Aug 27, 2014 at 2:32 PM, yan <yan at mit.edu> wrote:
>> Since the Key Directories are (at least initially) run by the Identity
>> Providers (Google, Yahoo, etc.), it doesn't seem very useful to gossip
>> the Signed Tree Head inside channels controlled by the identity provider
> 
> I assume that the gossip will be within the signed part of the message
> so that the channel cannot alter it.
> 

But the identity provider can give Alice a version of the log that
contains fake keys for Bob that are controlled by the identity provider.
If I understand correctly, it could then MITM all her messages to/from
Bob and show gossip in the signed part of the message that is consistent
with the malicious version of the CT log that contains the fake key for Bob.

(This assumes Alice/Bob haven't verified keys directly.)

> 
> Cheers
> 
> AGL
> 



More information about the Messaging mailing list