On 08/28/2014 09:04 AM, Adam Langley wrote: > On Wed, Aug 27, 2014 at 2:32 PM, yan <[email protected]> wrote: >> Since the Key Directories are (at least initially) run by the Identity >> Providers (Google, Yahoo, etc.), it doesn't seem very useful to gossip >> the Signed Tree Head inside channels controlled by the identity provider > > I assume that the gossip will be within the signed part of the message > so that the channel cannot alter it. >
But the identity provider can give Alice a version of the log that contains fake keys for Bob that are controlled by the identity provider. If I understand correctly, it could then MITM all her messages to/from Bob and show gossip in the signed part of the message that is consistent with the malicious version of the CT log that contains the fake key for Bob. (This assumes Alice/Bob haven't verified keys directly.) > > Cheers > > AGL > _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
