[messaging] Transparency for E2E encrypted messaging at a centralized service

Michael Rogers michael at briarproject.org
Fri Mar 28 14:06:39 PDT 2014


On 27/03/14 17:47, Daniel Kahn Gillmor wrote:
> if all you care about is a MAC, then you don't need certification
> of the key out-of-band.  stuffing any arbitrary signing key in-band
> with the message and a signature over it, and having the recipient
> verify the signature, will give you the equivalent of a MAC on an
> unsigned message.

No it won't. A man-in-the-middle can strip off the signing key and
signature, modify the body, and attach a new signing key and
signature. To prevent that, either the recipient has to recognise the
authentic signing key, or the signing key has to be certified by some
key that the recipient recognises. Either way, an out of band password
isn't sufficient to integrity-check the file.

With a MAC, on the other hand, the sender and recipient can derive
cipher and MAC keys from the password, so only the password needs to
be sent out of band.

Cheers,
Michael

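
Added example (not part of the original message or of any project's code): a stdlib-only Python sketch of the two schemes compared above, showing that a recipient who trusts an in-band, uncertified signing key accepts a body whose key and signature were both replaced, while a MAC keyed from the out-of-band password rejects the change. The Lamport one-time signature stands in for "any arbitrary signing key"; all function names, the packet layout, the PBKDF2 parameters and the sample messages are assumptions made for illustration.

```python
import hashlib, hmac, os

def H(b):
    return hashlib.sha256(b).digest()

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

# Lamport one-time signature: stdlib-only stand-in for an arbitrary signing key.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def send_signed(body):
    # Fresh, uncertified key travels in-band next to the body and signature.
    sk, pk = keygen()
    return {"body": body, "key": pk, "sig": sign(sk, body)}

def recv_signed(pkt):
    # The recipient has no reference key, so it can only check the attached one.
    return verify(pkt["key"], pkt["body"], pkt["sig"])

def mac_key(password, salt):
    # 64 bytes of key material: first half for a cipher (unused here), second for the MAC.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=64)[32:]

def send_mac(body, password):
    salt = os.urandom(16)
    tag = hmac.new(mac_key(password, salt), salt + body, "sha256").digest()
    return {"salt": salt, "body": body, "tag": tag}

def recv_mac(pkt, password):
    want = hmac.new(mac_key(password, pkt["salt"]), pkt["salt"] + pkt["body"], "sha256").digest()
    return hmac.compare_digest(want, pkt["tag"])

def demo():
    password = b"constructed out-of-band password"
    original, altered = b"pay alice 10", b"pay mallory 10"  # constructed samples
    # In transit, the key and signature are replaced along with the body.
    signed_accepts_swap = recv_signed(send_signed(altered))
    # Without the password, no matching tag can be produced for the altered body.
    pkt = send_mac(original, password)
    mac_accepts_edit = recv_mac({**pkt, "body": altered}, password)
    mac_accepts_retag = recv_mac(send_mac(altered, b"guess"), password)
    return signed_accepts_swap, mac_accepts_edit, mac_accepts_retag, recv_mac(pkt, password)
```
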

