[messaging] Autocrypt 1.0

Trevor Perrin trevp at trevp.net
Sat Dec 23 11:38:34 PST 2017


On Sat, Dec 23, 2017 at 8:48 AM, holger <holger at merlinux.eu> wrote:
> On Sat, Dec 23, 2017 at 08:28 +0000, Trevor Perrin wrote:
>>
>> Sure, but anyone in the group who *hasn't* sent a recent message to
>> all other group members is at risk of having their key overridden by
>> an outsider.
[...]
>
> IOW, how do you imagine this attack to practically
> happen and have interesting (for the outsider) effects?

Hi Holger,

Suppose a group of people have recently met and exchanged email
addresses, and are now engaged in time-sensitive communication.

As an outsider, I can send an email to the group containing incorrect
gossip for the group.  This has a fair chance of disrupting
inter-group communication, causing confusion and delay.

Trevor


More information about the Messaging mailing list