Am 20.02.2017 um 07:50 schrieb Jonas Wielicki: > > Possible problem: What happens when an attacker distrusts all your > > devices or creates paradox trust decisions? > > Hold on, what kind of attacker? Please state an attacker model here: > what can > the attacker do, where does it sit in the grand scheme of things? > > A server-level attacker should not be able to add trust between > devices (only > remove it by breaking the signatures or removing items or nodes from the > pubsub). > > Likewise, a device-level attacker should not be able to add trust between > devices other than the device it is controlling. Again, removal is > possible > via PubSub. Sorry, for being unclear. What my concern is, what happens, when an attacker with access to one device messes with the signatures.
Let's assume, You have device A and B. A trusted a lot of contacts devices including Bobs device b. Now you have a newer device B, with that you trusted A and by doing so, have transitive trust in devices trusted by A (like Bobs b). What happens, when an attacker that compromised Bobs account, gets access to A and trusts a foreign malicious device c, which is logged in with Bobs details, so that A now trusts b and c. Since B trusted A, B now also trusts c. The attacker hadn't to get direct access to B, but by compromising A (which is higher in the trust hierarchy), he compromised B's "trust situation". I hope my writing isn't too confusing (so much repeating words...). Kind regards vanitasvitae
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
