[liberationtech] My design to implement PGP in commercial email system

Percy Alpha percyalpha at gmail.com
Tue Jul 30 21:06:43 PDT 2013


Percy Alpha(PGP <https://en.greatfire.org/contact#alt>)
GreatFire.org Team


> How does a browser know if this is the first time or the second one?

> What I mean is:
> 1) Alice wants to send a mail to Bob. It's the first time, so she
> retrieves B's key and signs it
> 2) in a different session (i.e. in a different browser) Alice sends an
> email to Bob. It retrieves B's key, but Mallory does mitm and gives a
> different key; let's call M(B) that key; there is no signature on it, so
> A thinks it's the first time, and accepts the key and signs it.
>
> at that point, the mitm even received a signature from A!
>
The signed contact list should be protected and authenticated the same way
as user's secret key is protected and authenticated. So in a different
session, A will download the contact list first and match the existing
ones.

You said earlier that using a password to encrypt the secret key and verify
it is not a good security practice. But I assume there's some function in
cryptography that can verify the authenticity of the encrypted secret key
since you know the encrypted password but Google doesn't.


> Also, the application code (that is, javascript) is provided by Google
> itself, so the second time it could just be changed to behave in a
> completely different way without Alice ever noticing it; this can be
> done both by google and by a mitm.
>
I guess a browser plug-in (open-source) is necessary. Anyone can download
without logging in; this prevents targeted attacks. (Say the plug-in is
distributed through Mozilla and signed by Google.) The distribution page
should not be able to distinguish individual users. A user is subject to
compromised code the first time he installs the plug-in. (Advanced users
can simply put the installer file on a flash disk, if he wants to use a new
computer.) We still put some minimal trust in Google. But Google should not
have any existing criteria to decide which users to spy on while the scheme
will quickly unveil if Google tries to spy on all new users.


But even Google Talk sometimes requires a plug-in, I think the additional
click is relatively easy and pain-free even for common users.


>
> I think I missed the point; could you clear out an example of attack
> that is possible now, but won't be possible anymore using the scheme you
> proposed?
>
I want to find a way such that the email provider cannot read your emails. Or
at least make such action both technically and legally unfeasible (only
possible to spy on an existing user, if Google is forced to spy on all new
users and the existing user is downloading the plug-in again).
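
The contact-list check described in this message, as an added example that is not part of the original post or of any code from the thread. It assumes the list is authenticated with an HMAC key derived from a passphrase only the user knows (the message does not name a mechanism); all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import json

def mac_key(passphrase: str, salt: bytes) -> bytes:
    # Derived client-side; the provider never sees the passphrase or this key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def fingerprint(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()

def seal(contacts: dict, key: bytes) -> dict:
    # Canonical JSON body plus an HMAC tag; this blob is what the provider stores.
    body = json.dumps(contacts, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).digest()}

def open_list(blob: dict, key: bytes) -> dict:
    expected = hmac.new(key, blob["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("contact list failed authentication")
    return json.loads(blob["body"])

def check_key(blob: dict, key: bytes, address: str, offered: bytes) -> str:
    # Authenticate the stored list first, then compare against the pinned entry.
    pinned = open_list(blob, key).get(address)
    if pinned is None:
        return "first-use"
    if hmac.compare_digest(pinned, fingerprint(offered)):
        return "match"
    return "mismatch"

if __name__ == "__main__":
    # Constructed sample data: salt, passphrase, addresses and key bytes are made up.
    key = mac_key("correct horse battery staple", b"constructed-salt")
    blob = seal({"bob@example.org": fingerprint(b"BOB-PUBLIC-KEY")}, key)
    print(check_key(blob, key, "bob@example.org", b"BOB-PUBLIC-KEY"))      # match
    print(check_key(blob, key, "bob@example.org", b"MALLORY-PUBLIC-KEY"))  # mismatch
    print(check_key(blob, key, "carol@example.org", b"CAROL-PUBLIC-KEY"))  # first-use
```

The tag only proves that the user produced the list at some point: a provider could still serve an older, validly tagged copy, so a fresh browser with no remembered version number cannot tell a rolled-back list from the current one.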