[guardian-dev] pgp key server on guardianproject.info

Kevin Steen mayfirstorg at kevinsteen.net
Thu Sep 19 07:37:55 EDT 2013


On 18/09/13 10:14, Michael Rogers wrote:
> On 18/09/13 00:23, Hans-Christoph Steiner wrote:
>> This seems a really minor privacy leak, if one at all.  If Alice is
>> emailing the Bob and CCing Carol, then its obvious to everyone that
>> Alice already had Bob's email.  So Alice could have just as easily
>> gotten Bob's fingerprint at the same time as the email address.
>> Especially once secure introductions become widespread, that would
>> be the case.
> 
> Ah, sorry, I misunderstood your proposal. If Alice only sends Bob's
> public key to Carol when she's CCing Bob, I agree there's no
> significant privacy leak - and it's a much more elegant solution than
> mining Alice's mail headers. :-)
> 
>> I think the key to having this working is to have it continuous,
>> transparent, and automatic.
> 
> Yes, definitely!

Beware of creating an easy man-in-the-middle attack where anyone can
supply a fake key for Bob by crafting an email to Carol which allegedly
CC's Bob, but is only delivered to Carol's mail server. If Carol "can't
be bothered to learn about encryption and stuff because it just works"
she may never realise she's using the wrong key for Bob.

The risk of long-term attack is hopefully low, as the attacker would
need to intercept every message between Bob and Carol. At some point
Carol would receive a different key directly from Bob and be prompted
with a 'forged message' alert, hopefully forcing her to verify which key
is actually Bob's.

I think a mitigation would be to prompt every time the user sends a
message to someone whose key hasn't been marked as 'manually verified'
(and not to make it too easy to manually verify a key just by clicking
'OK'!)

-Kevin


More information about the Guardian-dev mailing list