[messaging] Transparency for E2E encrypted messaging at a centralized service

Moxie Marlinspike moxie at thoughtcrime.org
Wed Mar 26 14:24:33 PDT 2014


On 03/25/2014 08:24 PM, Joseph Bonneau wrote:
> *The service runs a Certificate Transparency-style log for every
> certificate it issues and a similar transparency log for revocation
> (Revocation Transparency or Mark Ryan's Enhanced Certificate
> Transparency). Users query these structures to get proof that the certs
> they are using are genuine and not revoked.
> *Outside auditors scan the log for correctness and provide a web
> interface to check which certs were issued for your username and when. 

It seems like you're trading a user's ability to deal with a
key-conflict in-band for a user's ability to audit a key-conflict at
some periodic interval.

My concern would be that users are even less equipped to deal with an
audit than a warning prompt, and that this could result in a service
that is simultaneously capable of MITMing users undetectably while also
receiving a shitstorm of false accusations from users who try to audit
these logs themselves.

I always imagine that users install an app and that's the end of it.
What I've learned is that the number of users who re-install an app 8x a
day, in between flashing ROMs, while mixing in Titanium backups from 10
different alternating installs is absurdly high.

- moxie

-- 
http://www.thoughtcrime.org
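The design Joseph's quoted paragraph describes, a Certificate Transparency-style log that users query for inclusion proofs and that auditors scan to list the certs issued for a username, in miniature. This is an added illustration, not code from the thread or from either author. It assumes RFC 6962-style hashing (SHA-256, 0x00 prefix for leaves, 0x01 for interior nodes, split at the largest power of two below the tree size) but, as a simplification, carries the sibling's side inside the proof rather than deriving it from the leaf index and tree size the way the RFC's verifier does. The log entries are constructed sample data.

```python
import hashlib

# Constructed sample log: one entry per issued certificate, "user|key|date".
# Alice has two entries; that is exactly what an outside auditor's
# "which certs were issued for your username" view would surface.
LOG_ENTRIES = [
    b"alice|key:0001|2014-03-01",
    b"bob|key:0002|2014-03-02",
    b"alice|key:0003|2014-03-10",
    b"carol|key:0004|2014-03-12",
    b"dave|key:0005|2014-03-20",
]


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    # Domain-separated leaf hash (RFC 6962 uses the 0x00 prefix).
    return _sha256(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    # Domain-separated interior node hash (0x01 prefix) so a leaf can never
    # be confused with a node.
    return _sha256(b"\x01" + left + right)


def _largest_pow2_below(n: int) -> int:
    # Largest power of two strictly less than n (n >= 2).
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def root_hash(leaves: list) -> bytes:
    # Merkle tree head over a list of leaf hashes; unbalanced trees split at
    # the largest power of two, as in RFC 6962.
    n = len(leaves)
    if n == 0:
        return _sha256(b"")
    if n == 1:
        return leaves[0]
    k = _largest_pow2_below(n)
    return node_hash(root_hash(leaves[:k]), root_hash(leaves[k:]))


def inclusion_proof(leaves: list, index: int) -> list:
    # Audit path for leaves[index], bottom-up, as (sibling_hash, side) pairs
    # where side says which side of the current subtree the sibling sits on.
    n = len(leaves)
    if n <= 1:
        return []
    k = _largest_pow2_below(n)
    if index < k:
        return inclusion_proof(leaves[:k], index) + [(root_hash(leaves[k:]), "right")]
    return inclusion_proof(leaves[k:], index - k) + [(root_hash(leaves[:k]), "left")]


def verify_inclusion(entry: bytes, proof: list, expected_root: bytes) -> bool:
    # What a client does: recompute the path from its own cert entry and
    # compare against the log head it trusts (obtained via gossip, pinning,
    # or a signed tree head; out of scope here).
    acc = leaf_hash(entry)
    for sibling, side in proof:
        acc = node_hash(sibling, acc) if side == "left" else node_hash(acc, sibling)
    return acc == expected_root


def certs_for_user(entries: list, username: bytes) -> list:
    # What an outside auditor exposes: every entry issued for a username.
    # A second entry the user did not request is the signal of interest.
    return [e for e in entries if e.split(b"|", 1)[0] == username]


def build_log(entries: list):
    leaves = [leaf_hash(e) for e in entries]
    return leaves, root_hash(leaves)


if __name__ == "__main__":
    leaves, head = build_log(LOG_ENTRIES)
    proof = inclusion_proof(leaves, 2)
    print("genuine entry verifies:", verify_inclusion(LOG_ENTRIES[2], proof, head))
    print("substituted key verifies:",
          verify_inclusion(b"alice|key:9999|2014-03-10", proof, head))
    print("certs issued for alice:", certs_for_user(LOG_ENTRIES, b"alice"))
```

The two checks map onto the two roles in the quoted design: `verify_inclusion` is the per-client proof that the cert in hand is the one the log committed to, and `certs_for_user` is the auditor view that would reveal a cert issued without the user's knowledge. Neither helps with Moxie's objection, which is about whether users will act on the second signal at all.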

