[messaging] Transparency for E2E encrypted messaging at a centralized service

Joseph Bonneau jbonneau at gmail.com
Wed Mar 26 15:27:10 PDT 2014


On Wed, Mar 26, 2014 at 5:24 PM, Moxie Marlinspike
<moxie at thoughtcrime.org>wrote:

>
> On 03/25/2014 08:24 PM, Joseph Bonneau wrote:
> > *The service runs a Certificate Transparency-style log for every
> > certificate it issues and a similar transparency log for revocation
> > (Revocation Transparency or Mark Ryan's Enhanced Certificate
> > Transparency). Users query these structures to get proof that the certs
> > they are using are genuine and not revoked.
> > *Outside auditors scan the log for correctness and provide a web
> > interface to check which certs were issued for your username and when.
>
> It seems like you're trading a user's ability to deal with a
> key-conflict in band with a user's ability to audit a key-conflict at
> some periodic interval.
>

I hope not, because I fully expect most users will do neither. My goal was
to provide *some* protection for users who don't do anything thanks to a
few users who actually do audit the log against their own history. Security
comes from the fact that the authorities might be able to MITM some users
who aren't checking, but eventually they'll slip up and attack a users who
does check and can then prove it. Hopefully this is enough to make the
attacker wary. This has been referred to as the "malicious but cautious"
adversary model, and I like Tom Ritter's explanation that 98% of users
trust and 2% of users verify.

That's the goal here. With individual fingerprint-checking, the verifying
users are really only protecting themselves since proving the bad
fingerprint is an actual attack is hard.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140326/c72bf819/attachment.html>


More information about the Messaging mailing list