On Fri, Dec 19, 2014 at 2:47 PM, Joseph Bonneau <[email protected]> wrote:
>
> On Fri, Dec 19, 2014 at 5:35 PM, Trevor Perrin <[email protected]> wrote:
>>
>> If Bob lies to his girlfriend Alice and gives her Charlie's fingerprint
>> and phone number, Bob doesn't need to register anything.
>
> I guess there are two types of attack:
>
> In the first one Bob and Charlie both have accounts (separate usernames),
> and Bob changes to have Charlie's key fingerprint then tries to redirect
> Alice's message to Charlie. I was arguing you can prevent this version
> fairly cheaply in a centralized service by preventing key fingerprint
> collisions.

A service can prevent this even more cheaply by not allowing Bob to
redirect Alice's messages.

> In the second, Bob has no account. He tells Alice that Charlie's username X
> is really his (and perhaps even has Charlie's QR code on his screen so Alice
> is convinced she's "verified" that Bob really owns X). Fixing that probably
> requires the verification to be a challenge-response proving knowledge of the
> private keys, as the authors of the paper suggested, and I agree that's
> probably not worth it.

Yeah, it's not worth it (IMO) and isn't a certain fix (Bob can relay the
challenge-response through someone else querying Charlie).

Trevor
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
