End to End Encryption SIG - 2021-09-22


  1. moparisthebest has left
  2. moparisthebest has joined
  3. Seve has joined
  4. thilo.molitor has left
  5. thilo.molitor has joined
  6. DebXWoody has joined
  7. southerntofu has left
  8. DebXWoody has left
  9. Millesimus has left
  10. Millesimus has joined
  11. larma SCE isn't really common - so there is no common message format inside encrypted messages...
  12. larma except... MIME
  13. vanitasvitae Everybody loves MIME!!!
  14. Millesimus has left
  15. Millesimus has joined
  16. DebXWoody has joined
  17. Millesimus has left
  18. Millesimus has joined
  19. Millesimus has left
  20. Millesimus has joined
  21. belong has left
  22. belong has joined
  23. dequbed has left
  24. dequbed has joined
  25. vanitasvitae I'm facing a hen and egg problem using OpenPGP.
  26. vanitasvitae To utilize OpenPGP for Account wide identity key + per device keys, I'd like to have the device keys as subkeys of the account identity key. However, the device keys would usually again consist of a primary device key with subkeys (I want to be able to both sign and encrypt using the per-device keys).
  27. vanitasvitae As a consequence I'd need something along the lines of : Account Identity Key owns (Device Primary Key owns Device Encryption Subkey and Device Signing Subkey)
  28. vanitasvitae However, currently virtually no OpenPGP implementation supports subkeys of subkeys.
  29. vanitasvitae See https://gitlab.com/sequoia-pgp/weird-keys#results (cert-subkeys)
  30. vanitasvitae https://gitlab.com/sequoia-pgp/weird-keys#cert-subkeyspgp
  31. vanitasvitae So I'm thinking of manually establishing the subkey hierarchy by keeping the keys separate, but requiring implementations to check for subkey binding signatures.
  32. larma what is the purpose of the account identity key?
  33. larma i.e. how is it different from a device key?
  34. DebXWoody has left
  35. eab has left
  36. beforeigner larma: a device key is just for that one device. If you use 2 devices with same acc you have 2 device keys, an account key is for the account independent from the device.
  37. vanitasvitae The account key is used as long term identity
  38. larma but, isn't that account key not stored on a "device" (phone, computer, server, paper) and thus is just another device key?
  39. vanitasvitae And to certify device keys
  40. vanitasvitae It is
  41. larma so why do we need it?
  42. vanitasvitae But it is higher up in the hierarhy
  43. larma is it a hierarchy for the sake of having a hierarchy or does it actually make sense?
  44. vanitasvitae You dont want to have your account key on every device.
  45. larma but on some devices? or only a single device?
  46. vanitasvitae It is used as a single user identity. So that users dont have to individually trust X devixe keys
  47. vanitasvitae The identity key CAN be kept on a single trusted device, but could also be synced
  48. vanitasvitae Depends on users /clients preferences
  49. larma do I need the account key to add a new device?
  50. vanitasvitae Yes. That is if you want to include your new device in the set of trustworthy devices.
  51. vanitasvitae Clients should allow the user to further communicate with devices not yet certified by the account key.
  52. vanitasvitae But they should warn the user in that case.
  53. larma only once or persistently?
  54. larma I kinda feel there is some overengineering going on here.
  55. vanitasvitae Once
  56. vanitasvitae This is basically the Matrix trust model
  57. vanitasvitae And it seems to work for them
  58. vanitasvitae So 🤗
  59. larma not sure what you mean by works for them. they just store a single accounts key on the server that is password encrypted and most people just use the same password as their account password or something very close. when logging in from a new device they just have to enter their password twice
  60. larma but then you don't really need device keys anymore because effectively the account key is on every device
  61. larma but then you don't really need device keys anymore because effectively the account key is/was on every device
  62. vanitasvitae I'd model the sepc such that you CAN do what the matrix guys do, but allow for different schemes (offline account key)
  63. larma I mean, OMEMO TBFV seems to work as well. 90%+ don't verify at all and can be attacked under certain scenarios (active server side attack), but everyone gets the "feeling" of encrypted chats. Just like Matrix...
  64. vanitasvitae Yeah, but people always complain about fingerprints. An account key would reduce this situation to only a single fingerprint per contact + the fps of the users own devices.
  65. beforeigner > when logging in from a new device they just have to enter their password twice But you get an new aditional device key, and the list becomes longer and longer with every device change or new install of a client if you dont delete obsolete devices from your list.
  66. DebXWoody has joined
  67. Millesimus has left
  68. Millesimus has joined
  69. Millesimus has left
  70. Millesimus has joined
  71. Millesimus has left
  72. Millesimus has joined
  73. thilo.molitor has left
  74. thilo.molitor has joined
  75. belong has left
  76. belong has joined
  77. eab has joined
  78. Seve has left
  79. melvo has left
  80. melvo has joined
  81. melvo has left