[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

Ben Laurie ben at links.org
Fri Aug 29 08:33:59 PDT 2014

On 28 August 2014 21:20, Moxie Marlinspike <moxie at thoughtcrime.org> wrote:
> What I'm confused about is, where's the evidence?  If the cryptosystem
> is truly "invisible" to the user (as it should be!), these keys are
> going to be changing a lot, especially for users who aren't terribly
> crypto-literate (ie: Glenn Greenwald).

I hear this claim a lot (that the crypto system should be invisible).
I don't buy it: if it is invisible, then there can be no distinction
between "you are communicating with an entity you have verified" and
"you are communicating with an unverified entity (who could be a
MITM)". Clearly this is bad.

Now, if we can somehow avoid the need for verification using, say, a
CT-like mechanism, then we still need to distinguish between the
"everything is OK" state and the "log is doing something evil" state.

_Somewhere_ we have to make these things visible. If it is invisible,
the user is not protected.

More information about the Messaging mailing list