[messaging] Transparency for E2E encrypted messaging at a centralized service

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Mar 27 10:47:09 PDT 2014


On 03/27/2014 01:39 PM, Michael Rogers wrote:
> On 27/03/14 14:53, Daniel Kahn Gillmor wrote:
>> For the read-only document-sharing use case, you could stuff the
>> public signing key inside the encrypted body, in addition to the
>> signed cleartext.  There's no need for it to be out-of-band except
>> for bandwidth conservation, but a minimal OpenPGP certificate
>> (mainkey+uid+selfsig, or mainkey+uid+selfsig+signingsubkey+selfsig
>> at worst) isn't going to be too terribly large compared to most
>> files.
> 
> This would require prior out-of-band delivery of some other public key
> that would sign the key stuffed into the file, right? Otherwise an
> attacker could modify the body, sign it with her own private key, and
> stuff her own public key into the file.

If all you care about is a MAC, then you don't need certification of the
key out-of-band.  Stuffing any arbitrary signing key in-band with the
message and a signature over it, and having the recipient verify the
signature, will give you the equivalent of a MAC on an unsigned message.

> All I'm really saying here is that OpenPGP isn't the right tool for
> this job because it lacks MACs. It wasn't meant to be an important
> point, just an aside.

There are certainly systems with less legacy cruft that would be nicer
to use if interop with the installed base of OpenPGP users isn't a
development goal.

	--dkg
