lock keys for verified contacts and groups #51
source/new.rst
Outdated
@@ -209,6 +214,9 @@ with the following steps: | |||
8. Alice's device receives the "vg-member-added-received" reply from Bob and | |||
shows a screen "Bob <email-address> securely joined group ``GROUP``" | |||
|
|||
9. The devices of all group members will store the address to key | |||
mapping and use it over other keys in the context of this group. |
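Review bot: step 9 says the stored mapping is used "over other keys" but does not say what happens when a different key for the same address shows up later. State whether the stored key is kept until a new verification replaces it, and which event is allowed to update it, so implementations do not diverge on this point.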
Maybe it is better to use the same update algorithm as in Setup Contact protocol/step-8. I think e.g. a direct out-of-band verification should allow a new verified key in a group.
Well... yes but that would basically turn your Setup Contact into Setup Verified Group... At least in my understanding.... hum. Or at the end of verified contact you update all groups about the new key.
Or would you expect different keys to be used in the same group for a person?
source/new.rst
Outdated
@@ -209,6 +214,9 @@ with the following steps: | |||
8. Alice's device receives the "vg-member-added-received" reply from Bob and | |||
shows a screen "Bob <email-address> securely joined group ``GROUP``" | |||
|
|||
9. The devices of all group members will store the address to key | |||
mapping and use it over other keys in the context of this group. |
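Review bot: step 9 refers to "the devices of all group members", while step 8 only covers the reply reaching Alice's device from Bob. Say how the remaining members' devices obtain the mapping, or limit the step to the devices that took part in the exchange. "address to key mapping" would also read more clearly hyphenated as "address-to-key mapping".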
I rather think discussing how verified key state and Autocrypt key state relate should go in a para after the protocol steps.
I think this is a nice idea. Let me know when it is there and I will take a look.
@carmelatroncoso @r10s @hpk42 I moved the discussion to a separate section and wrote a new proposal. What do you think?
@azul looks good to me now
#49 made it clear that we have not spelled this out.
I think we need to actually lock the keys to uphold the security properties in the face of active attacks such as fabricated Autocrypt headers.