[messaging] twitter and github as key validators [was: Re: key validation rules for today]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Sep 9 14:29:30 PDT 2014

On 09/09/2014 04:09 PM, Tony Arcieri wrote:
> If you have your key fingerprint published through many channels, someone
> concerned with actually verifying your key fingerprint can check them all
> to ensure they match. If there's a discrepancy, something is probably amiss.

it looks like https://twitter.com/dkg and https://github.com/dkg do not
publish the same information.  So, something is probably amiss.  What
should a user do with this information?

What if https://twitter.com/dkgillmor and https://github.com/dkgillmor
both offer the same key as each other, and their respective
contributions to the public discourse seem like the contributions that i
tend to make?  now do you believe the choice of key material published
by those accounts?

(note how easy it is to clone someone's public github repos; note also
how easy it is to replay someone's twitter feed into a new account; and
this is an impersonation attack i can do *without* being a twitter or
github administrator)

> Perhaps an attacker managed to compromise them all and update your key
> fingerprints in all locations to confuse a victim into sending the attacker
> an encrypted message. Sure, it's not a great solution. It's an OK solution,
> however. Certainly better (from a security, not usability perspective) than

I agree it seems better than nothing and (probably) better than TOFU.
I'm just not sure what we're doing with it, and whether it helps us to
identify the actual people behind the different communications channels,
or whether it makes those different communications channels more
important, and the actual people less important.

> Short of things like Google's proposed CT-alike for E2E looking for
> dishonest Key Directories, I'm not sure how you do better.

So i think what you're getting at here is auditability, which is a
useful thing, particularly when coupled with the ability to act
effectively on detected malfeasance.  I still haven't read the google
E2E proposal, so i probably need to go do that.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140909/1a6e8ef7/attachment.sig>

More information about the Messaging mailing list