Quoting Tony Arcieri (2014-08-27 14:32:15)
> They plan on having email providers run "Key Directories" and using
> encrypted messages to gossip data about the directories, providing a
> CT-like system:
>
> https://code.google.com/p/end-to-end/wiki/KeyDistribution

The idea of passing around the STHs and auditing the servers in a distributed manner is pretty interesting. It looks a bit worrisome to have a list of all the email accounts on the log, but it's not worse than having it in the SKS keyservers.

The thing that bothers me about this protocol is that if a MitM can produce a fake log, it can revoke a key that you have been using for a long time and trusted, and give you a new key for this user. You will use this new key without checking if it is signed by the previous key or any other way to maintain the trust that you already have in it. It's true that in the future, by gossip or by the MitM disappearing, you will retroactively realize the problem, but then it might be too late.

-- 
Ruben Pollan | http://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: http://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
We're going to Croatan.
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
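
The concern raised in the reply above, as an added example that is not part of the original message or of the End-To-End design: a client that pins the key it already trusts and accepts a directory-supplied replacement only when the old key has signed it. `PinStore`, the status labels and the Lamport one-time signature (chosen only so the sketch runs on the standard library) are assumptions.

```python
import hashlib
import os

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key pair: a stand-in for a real signing key (assumption).
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one preimage per message bit.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def fingerprint(pk):
    return H(b"".join(a + b for a, b in pk))

class PinStore:
    """Hypothetical client-side store of the key already trusted per address."""

    def __init__(self):
        self.pins = {}  # address -> public key trusted so far

    def accept(self, addr, new_pk, endorsement=None):
        """Decide what to do with a key the directory returned for addr."""
        old = self.pins.get(addr)
        if old is None:
            self.pins[addr] = new_pk          # nothing to compare against yet
            return "pinned-first-use"
        if fingerprint(old) == fingerprint(new_pk):
            return "unchanged"
        # Replacement key: require a signature over it made by the pinned key.
        if endorsement and verify(old, fingerprint(new_pk), endorsement):
            self.pins[addr] = new_pk
            return "rotated"
        # Keep the old pin and do not encrypt to new_pk until it is confirmed
        # some other way (gossiped STHs agreeing, out-of-band check).
        return "held"
```

A "held" result is also what a legitimate key loss looks like, so a real client would need a confirmation path for that case rather than treating every held key as hostile.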
