[messaging] Key rotation

Michael Rogers michael at briarproject.org
Tue Jan 6 04:54:12 PST 2015

On 06/01/15 09:04, carlo von lynX wrote:
> In my plan I was thinking of having mobile devices make exchanges
> by Bluetooth whenever they physically meet. Those devices would
> therefore detect having been using false cryptographic material in
> the past on the day the two communication partners meet in person.
> Is this viable? Mike, since you've been working on this hands-on,
> what do you think of this?

I think that's a great idea, and we're planning to do something like
that in Briar. The difficult part is the UX.

The protocol has to be kicked off manually, because if a MITM attack
*has* taken place, Alice and Bob will be using different keys and
therefore won't be able to establish a secure Bluetooth connection
automatically. (That failure in itself isn't a useful signal of an
attack - Bluetooth's flaky.)

So we're probably looking at a workflow based on QR codes, where each
code contains a Bluetooth address and an ephemeral public key for
securing the connection, independent of the key material being validated.

Let's say Alice and Bob scan each other's QR codes and detect that
they've been using different keys. What should they do? This is the
hard part, because there are several reasons this could happen:

* Alice or Bob may have selected the wrong contact from their contact
list to validate
* The third party who introduced them may have carried out a MITM attack
* Alice may be lying to make Bob think that the third party carried
out a MITM attack, or vice versa

I can't see how to distinguish between these possibilities
automatically, and I don't know how to explain the possibilities to
the users, or what course of action to recommend. So this feature
languishes on the long-term todo list...
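
Added example (not part of the original message and not Briar's code): a sketch of the QR payload and the key comparison described above, showing that the three causes listed all produce the same observable result. The payload layout, the SHA-256 fingerprints, all function names, and the random bytes standing in for keys are assumptions made for illustration.

```python
import hashlib, hmac, os
from base64 import b32decode, b32encode

def encode_qr(bt_addr, eph_pub):
    # Assumed layout: 6-byte Bluetooth address || 32-byte ephemeral public key.
    raw = bytes.fromhex(bt_addr.replace(":", ""))
    if len(raw) != 6 or len(eph_pub) != 32:
        raise ValueError("bad address or key length")
    return b32encode(raw + eph_pub).decode()

def decode_qr(text):
    blob = b32decode(text)
    if len(blob) != 38:
        raise ValueError("unexpected payload length")
    return blob[:6].hex(":"), blob[6:]

def fp(pub):
    return hashlib.sha256(pub).digest()

def report(own_key, key_held_for_peer):
    # What one side sends over the QR-bootstrapped channel (assumed format).
    return fp(own_key), fp(key_held_for_peer)

def validate(own_key, key_held_for_peer, peer_report):
    # Compare my records against the peer's report, in both directions.
    peer_own_fp, peer_view_of_me = peer_report
    ok = hmac.compare_digest(fp(key_held_for_peer), peer_own_fp) and \
         hmac.compare_digest(fp(own_key), peer_view_of_me)
    return "MATCH" if ok else "MISMATCH"

def scenarios():
    # Constructed sample keys: random bytes standing in for long-term public keys.
    # a = Alice, b = Bob, c = another contact, m1/m2 = keys nobody here owns.
    a, b, c, m1, m2 = (os.urandom(32) for _ in range(5))
    return {
        "honest": validate(a, b, report(b, a)),
        "introducer_mitm": validate(a, m1, report(b, m2)),
        "wrong_contact_selected": validate(a, c, report(b, a)),
        "peer_lies": validate(a, b, report(m1, m2)),
    }

if __name__ == "__main__":
    addr, eph = decode_qr(encode_qr("00:11:22:33:44:55", os.urandom(32)))
    print(addr, len(eph))
    for name, result in scenarios().items():
        print(f"{name:24} {result}")
```

The ephemeral key in the QR code is treated as opaque bytes here; establishing the actual secure Bluetooth connection from it is outside this sketch.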

