On Fri, Dec 19, 2014 at 1:28 PM, Joseph Bonneau <[email protected]> wrote:
>
> I had a simple thought reading this paper: why not have the server simply
> reject a user from ever attempting to register a key with the same
> fingerprint as a key anybody else has already registered? That would block
> UKS attacks (modulo server collaboration)

If Bob lies to his girlfriend Alice and gives her Charlie's fingerprint and phone number, Bob doesn't need to register anything. Alice will simply text "I love you" thinking it's going to Bob, but instead it will confuse Charlie.

I've argued this is a trust problem more than a technical one - if Alice trusts someone to give her Bob's information, she's at risk of being lied to.

If Bob only lies about his fingerprint, not his phone number, then the server would have to collude to misroute the message to Charlie, so a server-side check doesn't add much value.

> if two users choose the same key accidentally
> something has probably gone horribly wrong entropy-wise and it would be
> worthwhile to detect that.

Agreed that scanning for public-key collisions has value to detect bad RNGs.

Trevor
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
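The server-side rule discussed in this thread (refuse to register a key whose fingerprint another identity already holds) and the offline collision scan Trevor agrees is useful for catching bad RNGs, as an added example that is not part of the thread or of any messaging project's code. The `KeyRegistry` class, the SHA-256-of-key-bytes fingerprint convention, the phone numbers and the 32-byte "public keys" are all constructed here for illustration.

```python
import hashlib
import os
from collections import defaultdict


def fingerprint(public_key: bytes) -> str:
    """Fingerprint = hex SHA-256 of the raw public-key bytes (assumed convention)."""
    return hashlib.sha256(public_key).hexdigest()


class DuplicateKeyError(Exception):
    """A registration would reuse a fingerprint that another identity already holds."""


class KeyRegistry:
    """Hypothetical server-side directory mapping phone numbers to key fingerprints."""

    def __init__(self):
        self.fp_to_phone = {}   # fingerprint -> phone number that registered it
        self.phone_to_fp = {}   # phone number -> its current fingerprint

    def register(self, phone: str, public_key: bytes) -> str:
        fp = fingerprint(public_key)
        holder = self.fp_to_phone.get(fp)
        if holder is not None and holder != phone:
            # The proposed rule: nobody may register a key whose fingerprint a
            # different identity already holds. Re-registering your own key is fine.
            raise DuplicateKeyError(f"fingerprint {fp[:16]}... already held by {holder}")
        old = self.phone_to_fp.get(phone)
        if old is not None and old != fp:
            del self.fp_to_phone[old]   # key rotation releases the old fingerprint
        self.fp_to_phone[fp] = phone
        self.phone_to_fp[phone] = fp
        return fp

    def lookup(self, phone: str):
        """Fingerprint the server currently has on file for this phone number."""
        return self.phone_to_fp.get(phone)


def find_collisions(keys_by_phone: dict) -> list:
    """Offline scan over a key dump: groups of phone numbers whose keys share a
    fingerprint. Any group larger than one means duplicated key material, which
    in practice points at a broken or under-seeded RNG on the clients."""
    groups = defaultdict(list)
    for phone, pk in keys_by_phone.items():
        groups[fingerprint(pk)].append(phone)
    return sorted(phones for phones in groups.values() if len(phones) > 1)


# Constructed sample data: 32 random bytes stand in for a real public key.
# The "bad RNG" key is a fixed constant so two users end up with identical keys.
BAD_RNG_KEY = bytes(range(32))

SAMPLE_KEYS = {
    "+15550001": os.urandom(32),
    "+15550002": os.urandom(32),
    "+15550003": BAD_RNG_KEY,
    "+15550004": BAD_RNG_KEY,   # same bytes as +15550003
}


def run_demo() -> dict:
    """Register the sample keys in order and report what the rule accepts/rejects."""
    reg = KeyRegistry()
    accepted, rejected = [], []
    for phone, pk in SAMPLE_KEYS.items():
        try:
            reg.register(phone, pk)
            accepted.append(phone)
        except DuplicateKeyError:
            rejected.append(phone)
    return {
        "accepted": accepted,
        "rejected": rejected,
        "collisions": find_collisions(SAMPLE_KEYS),
    }


if __name__ == "__main__":
    print(run_demo())
```

Note what the check does and does not see: the fourth user is refused because a different phone number already holds that fingerprint, and the scan flags the pair as an entropy problem worth investigating. The scenario Trevor describes, where Bob hands Alice Charlie's fingerprint and number out of band, involves no registration at all, so nothing in this registry is ever consulted; that is the sense in which the problem is one of trust rather than of server-side checking.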
