Closed ekr closed 8 months ago
@bifurcation
The last line is the problem here:
Both of these properties are satisfied even against compromised DSs and ASs.
Unless the AS is using Key Transparency, it can produce fake credentials for all the members of a group and impersonate or eavesdrop as much as it pleases.
However, as long as the AS and DS are not compromised, then an attacker that steals Alice's credential and issues its own Update will lock Alice out. The attacker gains nothing from locking Alice out (they can already impersonate her), and potentially makes Alice aware of the compromise.
I think this is enough, but please feel free to propose something else if that's not the case. https://github.com/mlswg/mls-architecture/commit/2b195434f4d991155ea95a0361cdea8ef603a562
Handled suggestion from Ekr's review in https://github.com/mlswg/mls-architecture/commit/167754b02bd965b81c3560b2079c5210a781bed0
I see how this works with a compromised DS, but can't the AS effectively revoke Alice's original credential and issue it to someone else, who then does their own update, locking Alice out, and not providing PCS