[messaging] Opportunistic encryption and authentication methods

Joseph Bonneau jbonneau at gmail.com
Sat Sep 13 13:43:20 PDT 2014


On Sat, Sep 13, 2014 at 4:13 PM, zaki at manian.org <zaki at manian.org> wrote:

> I can't find any Wickr UI to access a key fingerprint.
>

FWIW I can't either, at least not on Android.


> We don't really discuss what should happen after a user finds that the key
> fingerprints don't match. Do they just switch communication systems? Report
> to some sort of community or authority? Hire a lawyer? The strength of the
> protocol for dealing with identity errors determines that value of a key
> verification ritual.
>

This issue has come up before in the case of transparency logs and perhaps
we need to more seriously consider it. If I detected a mismatch and I were
*sure* that the server had misbehaved I would try to capture some basic
forensics, publicize on lists like this and elsewhere, and hope that
whatever reputation I have within security circles will convince a few
folks the server is not be trustworthy.

The service provider would almost certainly dispute my claim (either it
actually would be my mistake, or if I found a real MITM attack they'd need
to dispute my claim to preserve their reputation). Meanwhile there's a risk
there would be some number of cranks reporting spurious errors, possibly
more than real errors.

So it's not clear exactly how much security we'd gain. I agree with Tom's
point that this is a relatively small amount of code to have an option deep
in the settings to expose the actual key fingerprints used for each message
and I personally wish all proprietary apps did this. But they might
rationally view it as a negative feature if it led to spurious reports and
criticism and didn't effectively prevent real attacks.

There's also an argument to be made that with any proprietary app, the
fingerprint UI could be subverted anyways by pushing a backdoored version
of the app. This is definitely a harder attack though and more likely to be
spotted conclusively by an honest insider or somebody decompiling the
source.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140913/22687c83/attachment.html>


More information about the Messaging mailing list