Search Mailing List Archives
[liberationtech] My design to implement PGP in commercial email system
piuttosto at logorroici.org
Tue Jul 30 00:48:16 PDT 2013
On 30/07/2013 02:10, Percy Alpha wrote:
> To boyska,
>> but what if Gmail provides a fake key for B? Why should you
>> automatically trust that key?
>> Also, I miss the point of signatures: A signs B's key, but noone cares
>> about that signature in that scheme. Am I missing something?
> "At first time, B's public key will be downloaded from Google and signed by
> A.". "Any subsequent times, A also verifies the authenticity of B's key".
how does a browser know if this is the first time or the second one?
What I mean is:
1) Alice wants to send an mail to Bob. It's the first time, so she
retrieves B's key and signs it
2) in a different session (ie: in a different browser) Alice sends an
email to Bob. It retrieves B's key, but Mallory does mitm and gives a
different key; let's call M(B) that key; there is no signature on it, so
A thinks it's the first time, and accepts the key and signs it.
at that point, the mitm even received a signature from A!
itself, so the second time it could just be changed to behave in a
completely different way without Alice ever noticing it; this can be
done both by google and by a mitm.
> I'm targeting the common people(email provider to the common people),not
> the existing PGP users.
I think I missed the point; could you clear out an example of attack
that is possible now, but won't be possible anymore using the scheme you
More information about the liberationtech