On Sat, Oct 4, 2014 at 12:26 PM, Ben Laurie <[email protected]> wrote: > > *Alice looks up Bob's key. >> *The Evil Log inserts a spurious key for Bob. We're assuming (I think >> almost all of us are willing to assume this) that log-consistency auditors >> ensure the log has to actually put the spurious key into a globally >> consistent log forever. Trying to locally fork Alice's view is too risky if >> some non-zero proportion of users gossip out of band. >> > > Then this is really the Evil Keyserver doing the inserting. Evil Logs > would presumably try other tactics... >
Yes, if there's a separate Keyserver and Log it's probably the Keyserver doing the spurious insertion. In some version we've been discussing the Keyserver and Log are the same entity. > If there's this magical non-MITMable out-of-band channel, why is Alice not > using it to send the message to Bob in the first place? > Usual reasons: You're setting up a channel for the future so you can afford extra work, and checking a key fingerprint may be much lower bandwidth than the whole conversation or the whole key. But it is certainly a fair point that this out-of-band channel often won't exist and users will want to start talking anyways. > Another thing occurs to me, is this: what if Alice doesn't actually know > Bob? Then the out-of-band magic becomes even more magical. > Yep
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
