Open martinthomson opened 8 years ago
I'm not sure how to fix this. We can say that collaborators engaging in key exfiltration may use either covert channels within the protocol or methods out-of-band to the protocol. I think the statement was intended to cover the first case only, as the collaborator didn't want to create a (potentially detectable) trail of messages to the attacker. In that case, the collaborator does seem to need a covert channel within the protocol to allow the on-path attacker to have access to the information needed. Am I missing something here?
I think that I might suggest removing the paragraph entirely. Covert channels exist in almost every protocol that I've looked at but we haven't any good evidence that they are used. It's just so much easier to use encryption straight up, or do things like use the drafts folder of a shared email service. For exfiltrating keys, I think that this is pure spy novel stuff.
...aren't really a necessary prerequisite for dynamic exfiltration:
I can devise a scheme that doesn't rely on the existence of a covert channel. The risk here is that a statement in this form suggests that eliminating covert channels is a worthwhile task. The document should identify active cooperation with an attacker as a lost cause and leave it at that.
(Then we wouldn't have to find citations for the statements regarding the existence of covert channels in popular protocols. I'm sure it's true, but it's currently an unsubstantiated claim.)