On Tue, Aug 19, 2014 at 4:18 AM, Trevor Perrin <[email protected]> wrote:
> - Once Alice has retrieved Bob's public key, she performs anonymized > lookups at random intervals for auditing. Instead of Tor the > anonymized lookups use the directory servers as a mix net. (Which is > interesting, is that for high-latency anonymity or something else?) It's to avoid a dependency on Tor because anonymizing lookups is important enough that it shouldn't be an optional feature. Mix network might not be exactly the right terminology since the implementation I'm imagining won't mix messages since latency is undesirable especially for looking up new keys (might be okay for auditing). Maybe I should have called it message based onion routing. > Q: I think the idea is to have a single M-of-N infrastructure sign > keys for everyone, but the website also mentions "participating > providers" who can sign keys for their users. It's unclear how these > provider-based authorities fit in? Providers endorse keys for their own users which are then published in the Nyms directory system. Nyms either endorses the provider signing keys, or itself signs the user keys after verifying provider signature. A provider who endorses keys should not also provide the directory service for looking up keys because it's easier to conceal dishonest provider behavior from a user attempting to audit their own keys. By requiring providers to upload keys to an independent directory service, there will at least be a record of any attempt to publish bad keys. > * An email provider is in some sense "authoritative" for emails from > its domain. In particular, it could forge registration emails from > its users, so any system based on these will end up trusting the > provider. Yet I'd ALSO claim the provider is one of the most > important entities for end-to-end crypto to protect us from. > Conundrum. Yes, this is the most interesting adversary. I doubt there is any secure way to bind keys to email addresses in the cast that the email provider is fully malicious. Hence, auditing. Elijah put it well when he pointed out that only users themselves know for sure what their correct public keys are. --brl _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
