-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 06/01/15 09:04, carlo von lynX wrote: > In my plan I was thinking of having mobile devices make exchanges > by bluetooth whenever they physically meet. Those devices would > therefore detect having been using false cryptographic material in > the past on the day the two communication partners meet in person. > Is this viable? Mike, since you've been working on this hands-on, > what do you think of this?
I think that's a great idea, and we're planning to do something like that in Briar. The difficult part is the UX. The protocol has to be kicked off manually, because if a MITM attack *has* taken place, Alice and Bob will be using different keys and therefore won't be able to establish a secure Bluetooth connection automatically. (That failure in itself isn't a useful signal of an attack - Bluetooth's flaky.) So we're probably looking at a workflow based on QR codes, where each code contains a Bluetooth address and an ephemeral public key for securing the connection, independent of the key material being validated. Let's say Alice and Bob scan each other's QR codes and detect that they've been using different keys. What should they do? This is the hard part, because there are several reasons this could happen: * Alice or Bob may have selected the wrong contact from their contact list to validate * The third party who introduced them may have carried out a MITM attack * Alice may be lying to make Bob think that the third party carried out a MITM attack, or vice versa I can't see how to distinguish between these possibilities automatically, and I don't know how to explain the possibilities to the users, or what course of action to recommend. So this feature languishes on the long-term todo list... Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJUq9r0AAoJEBEET9GfxSfMcLsIALqyRPG3vs9EIg4H1vk+nvh6 gVG9SZSGaVsviL4wb26j5c/ZEjkJvbWR1pE16qFkEUUE4qoPt2rij7LW10OddOXm cTuDiyWf1L2GqxHLqC3tOpfzVIMPdLhiyZLNhICJpE6xbfpv0TQ2PAdP/HJ87/R2 QYGZlnI45UyaQkddWnbsjNuhx/I6uw1WzkOY8FXu1iKqrgcYfqkR5pZnzwl1ksjD iUV1kXYjX6YpjcPuf3umAfaPlXxGBl50aZRuAldoqMvBDBKq4oZH4VxgubJmYSRM g2iaKh7/NHDajGqyOPkQG9fqEAq4CbgfzFfC7uW5PY3XiKDwgcGECJkyVv37Z/M= =eaOR -----END PGP SIGNATURE----- _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
