[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

Tao Effect contact at taoeffect.com
Thu Aug 28 13:17:00 PDT 2014


On Aug 28, 2014, at 1:08 PM, Joseph Bonneau <jbonneau at gmail.com> wrote:

> Either way, I agree that on the hard questions of determining ground truth and not showing tons of spurious warnings we're exactly where we were when the last thread on messaging transparency[1] died in March. There are still painful edge cases like if Alice's client doesn't know that Alice enrolled a new device with a new key yet and warns that a spurious key has been added, which is I discussed over on Google's wiki for this project and haven't heard a compelling answer for.

What do you think of this answer:

Alice's private key is encrypted with her password and stored anywhere (centralized or decentralized service). The new device downloads and uses this same public/private keypair from said service. Public key is stored in blockchain. All is good.

?

Kind regards,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140828/ff8037e5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140828/ff8037e5/attachment.sig>


More information about the Messaging mailing list