[liberationtech] My design to implement PGP in commercial email system

[boyska]

On 30/07/2013 02:10, Percy Alpha wrote:
> To boyska,
> 
>>
>> but what if Gmail provides a fake key for B? Why should you
>> automatically trust that key?
>>
>> Also, I miss the point of signatures: A signs B's key, but noone cares
>> about that signature in that scheme. Am I missing something?
>>
> 
> "At first time, B's public key will be downloaded from Google and signed by
> A.". "Any subsequent times, A also verifies the authenticity of B's key".

how does a browser know if this is the first time or the second one?
What I mean is:
1) Alice wants to send an mail to Bob. It's the first time, so she
retrieves B's key and signs it
2) in a different session (ie: in a different browser) Alice sends an
email to Bob. It retrieves B's key, but Mallory does mitm and gives a
different key; let's call M(B) that key; there is no signature on it, so
A thinks it's the first time, and accepts the key and signs it.

at that point, the mitm even received a signature from A!

Also, the application code (that is, javascript) is provided by Google
itself, so the second time it could just be changed to behave in a
completely different way without Alice ever noticing it; this can be
done both by google and by a mitm.

> I'm targeting the common people(email provider to the common people),not
> the existing PGP users.

I think I missed the point; could you clear out an example of attack
that is possible now, but won't be possible anymore using the scheme you
proposed?

-- 
boyska