[messaging] Verification of strict key change policy in CONIKS?
contact at taoeffect.com
Mon Mar 21 22:56:34 PDT 2016
Questions for Joseph, Marcela, or any other CONIKS experts out there:
Regarding the strict key change policy mentioned in the paper, how can Alice verify Bob’s latest key? Does she cache his previous key and verify the latest one received comes with a key-change message that’s signed by the previously cached key?
This aspect doesn't seem to be part of the protocol described in the paper. If there is a way to securely verify the key change using a previously verified/pinned key then this mechanism could prevent MITM attacks.
So is this specified in an “official protocol” somewhere? Also, is there an official discussion list for CONIKS?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Messaging