[messaging] WhatsApp & OWS team up

Tim Bray tbray at textuality.com
Tue Nov 18 16:41:27 PST 2014

On Tue, Nov 18, 2014 at 3:48 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Tue, Nov 18, 2014 at 12:29 PM, Maxwell Krohn <themax at gmail.com> wrote:
>> Storage and availability is centralized, but not trust.  Clients don’t
>> trust the server.
> This isn't true. A server is authoritative for a user's latest key
> fingerprint. In the event of a key compromise, a user needs to update their
> key, but a malicious key server can perform an attack by continuing to
> serve the compromised key.

​As the author of working client code, I’m pretty sure that this is true,
actually.  You search Keybase and discover a public key you can download
and associated pointers to “proof” assertions.  So you download the public
key and that’s the end of your conversation with Keybase.  You go and fetch
the posts from Twitter & GitHub & Reddit & so on and check whether those
posts are actually signed with that key.

Empirically, the key exists, and it is verifiable, without consulting
keybase, that at certain points in time the corresponding private key was
in the control  of some entity that also controlled certain
Twitter/Reddit/GitHub accounts.

I certainly agree that this would be better if it weren’t done through a
single web server.  In particular, while the keybase.io implementation is
cool and their JSON API is super straightforward to use, they don’t pretend
to have a business model or to be anything more than a project run by a
couple of guys.  I think the notion of establishing key ownership by
leveraging multiple providers of authentication services is super
interesting and useful.

> I would look to a system like The Update Framework as inspiration for how
> next generation key servers should be designed. Rather than writing off
> these attacks, they try to systematically address all of them:
> http://freehaven.net/~arma/tuf-ccs2010.pdf
> --
> Tony Arcieri

- Tim Bray (If you’d like to send me a private message, see
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141118/01bdf1a9/attachment.html>

More information about the Messaging mailing list