End to End Encryption SIG - 2021-09-22

  1. moparisthebest has left

  2. moparisthebest has joined

  3. Seve has joined

  4. thilo.molitor has left

  5. thilo.molitor has joined

  6. DebXWoody has joined

  7. southerntofu has left

  8. DebXWoody has left

  9. Millesimus has left

  10. Millesimus has joined

  11. larma

    SCE isn't really common - so there is no common message format inside encrypted messages...

  12. larma

    except... MIME

  13. vanitasvitae

    Everybody loves MIME!!!

  14. Millesimus has left

  15. Millesimus has joined

  16. DebXWoody has joined

  17. Millesimus has left

  18. Millesimus has joined

  19. Millesimus has left

  20. Millesimus has joined

  21. belong has left

  22. belong has joined

  23. dequbed has left

  24. dequbed has joined

  25. vanitasvitae

    I'm facing a hen and egg problem using OpenPGP.

  26. vanitasvitae

    To utilize OpenPGP for Account wide identity key + per device keys, I'd like to have the device keys as subkeys of the account identity key. However, the device keys would usually again consist of a primary device key with subkeys (I want to be able to both sign and encrypt using the per-device keys).

  27. vanitasvitae

    As a consequence I'd need something along the lines of : Account Identity Key owns (Device Primary Key owns Device Encryption Subkey and Device Signing Subkey)

  28. vanitasvitae

    However, currently virtually no OpenPGP implementation supports subkeys of subkeys.

  29. vanitasvitae

    See https://gitlab.com/sequoia-pgp/weird-keys#results (cert-subkeys)

  30. vanitasvitae


  31. vanitasvitae

    So I'm thinking of manually establishing the subkey hierarchy by keeping the keys separate, but requiring implementations to check for subkey binding signatures.

  32. larma

    what is the purpose of the account identity key?

  33. larma

    i.e. how is it different from a device key?

  34. DebXWoody has left

  35. eab has left

  36. beforeigner

    larma: a device key is just for that one device. If you use 2 devices with same acc you have 2 device keys, an account key is for the account independent from the device.

  37. vanitasvitae

    The account key is used as long term identity

  38. larma

    but, isn't that account key not stored on a "device" (phone, computer, server, paper) and thus is just another device key?

  39. vanitasvitae

    And to certify device keys

  40. vanitasvitae

    It is

  41. larma

    so why do we need it?

  42. vanitasvitae

    But it is higher up in the hierarhy

  43. larma

    is it a hierarchy for the sake of having a hierarchy or does it actually make sense?

  44. vanitasvitae

    You dont want to have your account key on every device.

  45. larma

    but on some devices? or only a single device?

  46. vanitasvitae

    It is used as a single user identity. So that users dont have to individually trust X devixe keys

  47. vanitasvitae

    The identity key CAN be kept on a single trusted device, but could also be synced

  48. vanitasvitae

    Depends on users /clients preferences

  49. larma

    do I need the account key to add a new device?

  50. vanitasvitae

    Yes. That is if you want to include your new device in the set of trustworthy devices.

  51. vanitasvitae

    Clients should allow the user to further communicate with devices not yet certified by the account key.

  52. vanitasvitae

    But they should warn the user in that case.

  53. larma

    only once or persistently?

  54. larma

    I kinda feel there is some overengineering going on here.

  55. vanitasvitae


  56. vanitasvitae

    This is basically the Matrix trust model

  57. vanitasvitae

    And it seems to work for them

  58. vanitasvitae

    So 🤗

  59. larma

    not sure what you mean by works for them. they just store a single accounts key on the server that is password encrypted and most people just use the same password as their account password or something very close. when logging in from a new device they just have to enter their password twice

  60. larma

    but then you don't really need device keys anymore because effectively the account key is on every device

  61. larma

    but then you don't really need device keys anymore because effectively the account key is/was on every device

  62. vanitasvitae

    I'd model the sepc such that you CAN do what the matrix guys do, but allow for different schemes (offline account key)

  63. larma

    I mean, OMEMO TBFV seems to work as well. 90%+ don't verify at all and can be attacked under certain scenarios (active server side attack), but everyone gets the "feeling" of encrypted chats. Just like Matrix...

  64. vanitasvitae

    Yeah, but people always complain about fingerprints. An account key would reduce this situation to only a single fingerprint per contact + the fps of the users own devices.

  65. beforeigner

    > when logging in from a new device they just have to enter their password twice But you get an new aditional device key, and the list becomes longer and longer with every device change or new install of a client if you dont delete obsolete devices from your list.

  66. DebXWoody has joined

  67. Millesimus has left

  68. Millesimus has joined

  69. Millesimus has left

  70. Millesimus has joined

  71. Millesimus has left

  72. Millesimus has joined

  73. thilo.molitor has left

  74. thilo.molitor has joined

  75. belong has left

  76. belong has joined

  77. eab has joined

  78. Seve has left

  79. melvo has left

  80. melvo has joined

  81. melvo has left