[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

Ruben Pollan meskio at sindominio.net
Thu Aug 28 09:27:00 PDT 2014

Quoting Tony Arcieri (2014-08-27 14:32:15)
> They plan on having email providers run "Key Directories" and using
> encrypted messages to gossip data about the directories, providing a
> CT-like system:
> https://code.google.com/p/end-to-end/wiki/KeyDistribution

Pretty interesting the idea of passing around the STHs and audit the servers in 
distributed manner. Looks a bit worrisome to have a list of all the email 
accounts on the log, but it's not worst than having it in the sks keyservers.

The thing that bothers me about this protocol is that if a MitM can produce a 
fake log, it can revoke a key that you have being using for a long time and 
trusted and give you a new key for this user. You will use this new key without 
checking if is signed by the previous key or any other way to maintain the trust 
that you already have on it. It's true that in the future by gossip or by MitM 
disappearing you will retroactively realize of the problem, but then might be 
too late.

Ruben Pollan  | http://meskio.net/
 My contact info: http://meskio.net/crypto.txt
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140828/111109b7/attachment.sig>

More information about the Messaging mailing list