[messaging] Transparency for E2E encrypted messaging at a centralized service

Michael Rogers michael at briarproject.org
Thu Mar 27 10:39:58 PDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 27/03/14 14:53, Daniel Kahn Gillmor wrote:
> For the read-only document-sharing use case, you could stuff the
> public signing key inside the encrypted body, in addition to the
> signed cleartext.  There's no need for it to be out-of-band except
> for bandwidth conservation, but a minimal OpenPGP certificate 
> (mainkey+uid+selfsig, or mainkey+uid+selfsig+signingsubkey+selfsig
> at worst) isn't going to be too terribly large compared to most
> files.

This would require prior out-of-band delivery of some other public key
that would sign the key stuffed into the file, right? Otherwise an
attacker could modify the body, sign it with her own private key, and
stuff her own public key into the file.

All I'm really saying here is that OpenPGP isn't the right tool for
this job because it lacks MACs. It wasn't meant to be an important
point, just an aside.

Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBCAAGBQJTNGJuAAoJEBEET9GfxSfMnJ0H+wbpjyO+uRb/B1B9GAlnHtxB
JWecDnf+L2iZfKNfndKRPlKzvJ8/cspAqJEDrqu2H+GvDGW6gC3FPJKZpqRTV6k3
Y4c+1SLuEMMG1dL4GyEM7lVBcrO6VB9hMUr9Z4nvRIhsmkL0l+ffn+nc4pfxUF6Q
/Md07r8DQL737g2jV2Qreb6aFXRbW8DUPo+OiuC/AcRXkZTFa6HuCPPWWyOzNkSF
hBmeUd7ZqF1qWL/b4CJjF5wcsBAzubLlLCtSmolysoBrFIvT1KH85zAHvkdQ3lKa
jxdsn8huhTw1Ip2UawhIrqhFz0XO1suBHwdf83ovh0eu7yXvAsVoyLyY/o+4zEM=
=Hfed
-----END PGP SIGNATURE-----


More information about the Messaging mailing list