On 14/07/12 00:11, Brian Warner wrote:
> I'm most interested in using the invitation code to also
> *establish* a channel, since for things like Tahoe, there's nothing
> to bootstrap from. If the Tahoe client were also an IRC client, or
> an MUA, then
On 7/11/12 10:01 AM, Michael Rogers wrote:
> If we can assume a bidirectional A-but-not-C channel (such as voice)
> for exchanging confirmation codes, we could use the following
> protocol, which is based on ZRTP's key agreement protocol:
That sounds pretty similar to Hoepman's A+A protocol, alth
Hi Brian,
Thanks for the links to Hoepman, Payrin and Vaudenay - very useful!
On 02/07/12 03:35, Brian wrote:
> So, I'm looking for some compromise.. something that is generally
> secure enough, but usable enough to actually get used (which, in my
>
On 6/14/12 2:10 PM, Michael Rogers wrote:
> On 13/06/12 07:59, Brian Warner wrote:
>> Assuming that Alice and Bob have some way to transfer 16 bytes
>> securely is part practicality and part pragmatism. The practical part
>> is that a targeted attacker (one who knows Alice and Bob and
>> specifica
On 13/06/12 07:59, Brian Warner wrote:
> Assuming that Alice and Bob have some way to transfer 16 bytes
> securely is part practicality and part pragmatism. The practical
> part is that a targeted attacker (one who knows Alice and Bob and
> specificall
On 6/11/12 3:54 AM, Michael Rogers wrote:
>
> You assume the invitation code remains secret until Alice and Bob have
> completed the protocol, but may be discovered later. Is that a safe
> assumption for email, IM, postcards, etc? Later, in the attacks
> section, you assume Mallory can eavesdrop o
On 11/06/12 01:15, Brian Warner wrote:
> ## Attacks [against the first protocol]
>
> The best attack is for Mallory to find a pre-image of the public
> ChannelID, allowing her to forge the HMAC and get Bob (and then Alice)
> to accept an alternate msg1. With a 128-bit IC, this attack ought to
> re
Hi Brian,
You assume the invitation code remains secret until Alice and Bob have
completed the protocol, but may be discovered later. Is that a safe
assumption for email, IM, postcards, etc? Later, in the attacks
section, you assume Mallory can eavesd
So in my previous email I mentioned the need for an Invitation protocol.
The idea is to allow someone who's in a Tahoe grid to type:
    tahoe admin invite Bob
    # -> "ixyn6bxeq6ydr3us6k3emwa23yq"
and get back a short "Invitation Code", $IC. Then they deliver this to
someone else, via some out-of-band