[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

David Leon Gil coruus at gmail.com
Thu Aug 28 09:22:27 PDT 2014

Indeed; as AGL points out, this works fine. I thought it was worth
amplifying his point somewhat:

A Byzantine consensus algorithm that signs each message is 'safe'[*] even
when only *one* leader is uncorrupted. As a corollary, if the set of
servers a client can contact contains at least one uncorrupted server, the
client can learn which servers have been corrupted.

(Gossip protocols are, essentially, lightweight ways of making all clients
act as servers for sub-parts of the state machine.)

[*] Here, safety means that the servers' representations of the underlying
state machine are consistent.

- dlg

On Thursday, August 28, 2014, Adam Langley <agl at imperialviolet.org> wrote:

> On Wed, Aug 27, 2014 at 2:32 PM, yan <yan at mit.edu <javascript:;>> wrote:
> > Since the Key Directories are (at least initially) run by the Identity
> > Providers (Google, Yahoo, etc.), it doesn't seem very useful to gossip
> > the Signed Tree Head inside channels controlled by the identity provider
> I assume that the gossip will be within the signed part of the message
> so that the channel cannot alter it.
> Cheers
> --
> Adam Langley agl at imperialviolet.org <javascript:;>
> https://www.imperialviolet.org
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org <javascript:;>
> https://moderncrypto.org/mailman/listinfo/messaging
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140828/fd708638/attachment.html>

More information about the Messaging mailing list