On Tue, Nov 18, 2014 at 3:48 PM, Tony Arcieri <[email protected]> wrote:
> On Tue, Nov 18, 2014 at 12:29 PM, Maxwell Krohn <[email protected]> wrote:
>
>> Storage and availability is centralized, but not trust. Clients don’t
>> trust the server.
>
>
> This isn't true. A server is authoritative for a user's latest key
> fingerprint. In the event of a key compromise, a user needs to update their
> key, but a malicious key server can perform an attack by continuing to
> serve the compromised key.
>

As the author of working client code, I’m pretty sure that this is true, actually. You search Keybase and discover a public key you can download and associated pointers to “proof” assertions. So you download the public key and that’s the end of your conversation with Keybase. You go and fetch the posts from Twitter & GitHub & Reddit & so on and check whether those posts are actually signed with that key. Empirically, the key exists, and it is verifiable, without consulting keybase, that at certain points in time the corresponding private key was in the control of some entity that also controlled certain Twitter/Reddit/GitHub accounts.

I certainly agree that this would be better if it weren’t done through a single web server. In particular, while the keybase.io implementation is cool and their JSON API is super straightforward to use, they don’t pretend to have a business model or to be anything more than a project run by a couple of guys.

I think the notion of establishing key ownership by leveraging multiple providers of authentication services is super interesting and useful.

>
> I would look to a system like The Update Framework as inspiration for how
> next generation key servers should be designed. Rather than writing off
> these attacks, they try to systematically address all of them:
>
> http://freehaven.net/~arma/tuf-ccs2010.pdf
>
> --
> Tony Arcieri
>

--
- Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
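The client-side check described in the reply above (take a key and proof pointers from the directory, then verify posts fetched from the external services against that key), as an added example that is not part of the original thread and not Keybase's code. Assumptions: Ed25519 from Node's built-in `crypto` stands in for PGP, and the proof format, handles and function names are constructed for illustration.

```javascript
// Added illustration, not Keybase's code. Ed25519 (Node's built-in crypto)
// stands in for PGP; the proof format and all names are constructed.
const crypto = require('node:crypto');

const fingerprint = (publicKey) => crypto.createHash('sha256')
  .update(publicKey.export({ type: 'spki', format: 'der' })).digest('hex');

// What an account owner publishes on a service: a statement binding the
// account to a key fingerprint, signed with the matching private key.
function makeProof(service, handle, keyPair) {
  const statement = JSON.stringify(
    { service, handle, fingerprint: fingerprint(keyPair.publicKey) });
  const sig = crypto.sign(null, Buffer.from(statement), keyPair.privateKey);
  return { statement, sig: sig.toString('base64') };
}

// Client-side check of one post fetched directly from the service.
function verifyProof(post, service, handle, candidateKey) {
  let claim;
  try { claim = JSON.parse(post.statement); } catch { return false; }
  if (!claim || claim.service !== service || claim.handle !== handle) return false;
  if (claim.fingerprint !== fingerprint(candidateKey)) return false;
  return crypto.verify(null, Buffer.from(post.statement), candidateKey,
    Buffer.from(post.sig, 'base64'));
}

// The directory only supplies a key and pointers; every pointer is
// re-checked against what the external service itself returns.
function checkIdentity(entry, fetchPost) {
  return entry.pointers.map(({ service, handle }) => {
    const post = fetchPost(service, handle);
    return { service, handle,
      ok: Boolean(post) && verifyProof(post, service, handle, entry.publicKey) };
  });
}

// Constructed sample data: one user, two services, one unrelated key.
const user = crypto.generateKeyPairSync('ed25519');
const other = crypto.generateKeyPairSync('ed25519');
const posts = {
  'twitter:example_user': makeProof('twitter', 'example_user', user),
  'github:example_user': makeProof('github', 'example_user', user),
};
const fetchPost = (service, handle) => posts[`${service}:${handle}`];
const pointers = [{ service: 'twitter', handle: 'example_user' },
                  { service: 'github', handle: 'example_user' }];
```
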
