On Sat, Dec 23, 2017 at 08:28 +0000, Trevor Perrin wrote:
> On Sat, Dec 23, 2017 at 12:23 AM, Vincent Breitmoser
> <look@my.amazin.horse> wrote:
> >> The recipient of this message will accept and use the incorrect
> >> gossiped keys for group replies, thus sending unreadable messages.
> >
> > I don't think that's right? Keys received directly take precedence over
> > gossip keys, so everyone who participates in the group and has sent at
> > least a single message, will no longer have his key overridden within
> > that group.
>
> Sure, but anyone in the group who *hasn't* sent a recent message to
> all other group members is at risk of having their key overridden by
> an outsider.

If an outsider gets into people's inboxes with maliciously gossiped keys:

- to do any more than annoy people, the outsider also needs to be able
  to intercept messages to make use of injecting the keys

- any MUA that keeps track of when and from whom it received keys
  could identify the outsider's interference (maybe with an additional
  out-of-band verification step with one of the "overridden" affected
  key holders)

IOW, how do you imagine this attack to practically happen and have
interesting (for the outsider) effects?

holger
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
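
Added example, not part of the original message and not code from any real MUA: a minimal key store that applies the "direct keys take precedence over gossip" rule from the thread and records who gossiped each key and when, so conflicting gossip can be attributed. The class, its method names, the addresses and key strings are all hypothetical, and it assumes the newest gossiped key replaces an older gossiped one.

```python
# Added illustration: hypothetical key store, not code from any real MUA.
class KeyStore:
    def __init__(self):
        self.direct = {}    # peer -> key taken from the peer's own message
        self.gossip = {}    # peer -> (key, gossiper, timestamp), last gossip seen
        self.alerts = []    # (timestamp, gossiper, peer) for conflicting gossip

    def on_direct(self, ts, sender, key):
        self.direct[sender] = key

    def on_gossip(self, ts, gossiper, peer, key):
        known = self.direct.get(peer) or self.gossip.get(peer, (None,))[0]
        if known is not None and key != known:
            # Provenance makes the conflicting source attributable.
            self.alerts.append((ts, gossiper, peer))
        self.gossip[peer] = (key, gossiper, ts)

    def encryption_key(self, peer):
        # Directly received keys take precedence over gossiped ones.
        if peer in self.direct:
            return self.direct[peer]
        return self.gossip.get(peer, (None,))[0]


def run_demo():
    # Constructed sample events; all addresses and key names are made up.
    store = KeyStore()
    store.on_direct(1, "alice@example.org", "KEY-ALICE")
    store.on_gossip(2, "alice@example.org", "bob@example.org", "KEY-BOB")
    # An outsider gossips different keys for both group members.
    store.on_gossip(3, "outsider@example.net", "alice@example.org", "KEY-X1")
    store.on_gossip(3, "outsider@example.net", "bob@example.org", "KEY-X2")
    return store


if __name__ == "__main__":
    s = run_demo()
    for peer in ("alice@example.org", "bob@example.org"):
        print(peer, "->", s.encryption_key(peer))
    for ts, gossiper, peer in s.alerts:
        print(f"t={ts}: {gossiper} gossiped a conflicting key for {peer}")
```

In this constructed run the member who sent a message directly keeps her key, the member known only through gossip has his key replaced, and both conflicting entries are logged against the same gossiper.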