[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

Tao Effect contact at taoeffect.com
Thu Aug 28 13:17:00 PDT 2014

On Aug 28, 2014, at 1:08 PM, Joseph Bonneau <jbonneau at gmail.com> wrote:

> Either way, I agree that on the hard questions of determining ground truth and not showing tons of spurious warnings we're exactly where we were when the last thread on messaging transparency[1] died in March. There are still painful edge cases like if Alice's client doesn't know that Alice enrolled a new device with a new key yet and warns that a spurious key has been added, which is I discussed over on Google's wiki for this project and haven't heard a compelling answer for.

What do you think of this answer:

Alice's private key is encrypted with her password and stored anywhere (centralized or decentralized service). The new device downloads and uses this same public/private keypair from said service. Public key is stored in blockchain. All is good.


Kind regards,
Greg Slepak

Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140828/ff8037e5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140828/ff8037e5/attachment.sig>

More information about the Messaging mailing list