lock keys for verified contacts and groups #51

Merged May 22, 2018 (1 commit)

Member

azul commented May 15, 2018

#49 made it clear that we have not spelled this out.

I think we need to actually lock the keys to uphold the security properties in the face of active attacks such as fabricated Autocrypt headers.

source/new.rst Outdated
@@ -209,6 +214,9 @@ with the following steps:
8. Alice's device receives the "vg-member-added-received" reply from Bob and
shows a screen "Bob <email-address> securely joined group ``GROUP``"

9. The devices of all group members will store the address to key
mapping and use it over other keys in the context of this group.
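Review bot: Step 9 says members "use it over other keys in the context of this group" but does not say what a device does when a later message carries a different key for that address, or how a member who legitimately changes keys gets the stored mapping replaced. Suggest stating which events may change the stored key for a group member (for example only a new verification) and spelling out "address to key mapping" as the member's e-mail address together with the key verified in the preceding steps.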
Collaborator

Maybe it is better to use the same update algorithm as in Setup Contact protocol/step-8. I think e.g. a direct out-of-band verification should allow a new verified key in a group.

Member Author

Well... yes but that would basically turn your Setup Contact into Setup Verified Group... At least in my understanding.... hum. Or at the end of verified contact you update all groups about the new key.
Or would you expect different keys to be used in the same group for a person?

source/new.rst Outdated
@@ -209,6 +214,9 @@ with the following steps:
8. Alice's device receives the "vg-member-added-received" reply from Bob and
shows a screen "Bob <email-address> securely joined group ``GROUP``"

9. The devices of all group members will store the address to key
mapping and use it over other keys in the context of this group.
Collaborator

I rather think discussing how verified key state and Autocrypt key state relate should go in a para after the protocol steps.

Collaborator

I think this is a nice idea. Let me know when it is there and I will take a look.

Member Author

azul commented May 15, 2018

@carmelatroncoso @r10s @hpk42 I moved the discussion to a separate section and wrote a new proposal. What do you think?

Collaborator

r10s commented May 15, 2018

@azul looks good to me now

@hpk42 hpk42 merged commit 5be958b into master May 22, 2018
@azul azul deleted the verified-key-lock branch May 22, 2018 15:07