nextleap-project / countermitm

thoughts on countering mitm-attacks on autocrypt

giving capabilities in ClaimChains #47

Closed carmelatroncoso closed 6 years ago

carmelatroncoso commented 6 years ago

The text used to read:

It will grant capabilities to all these claims for the recipients of the email and itself.

It is not clear what "all" those claims are. I substituted it with: "Then, if they did not exist already, the client will grant capabilities to the recipients for the claims concerning those recipients. In other words, it will provide the recipients with enough information to learn each other keys and ClaimChain heads." but I do not know if this fits your idea/implementation.

For the capabilities to oneself, how is the DH key defined?

azul commented 6 years ago

@carmelatroncoso, your substitution captures exactly what I meant. Thanks.

For the capabilities for oneself, @misaakidis recently implemented a 'shortcut' that allows the owner of the chain to read all claims. I think this is based on the knowledge of the private keys for the VRF and encryption. The corresponding commit is here: https://github.com/claimchain/claimchain-core/commit/d94bb9b7c823a26d6b8bddf56cde9e4c10ed8069

azul commented 6 years ago

One related thing comes to my mind... Right now we are not removing the capabilities when we construct new blocks. We basically build up the state by adding claims and capabilities and then commit them and continue by adding more claims and capabilities. This allows recipients to follow the development of other recipients' keys in my chain.

Fixing this is captured in this issue: https://github.com/nextleap-project/muacryptcc/issues/20

carmelatroncoso commented 6 years ago

@azul I understood that this "always" keeping capabilities was your way to avoid equivocation across blocks. It has the problem of revealing key updates, but so far we do not have another way of doing that in a privacy-preserving way.

azul commented 6 years ago

@carmelatroncoso Yes. If I have a claim about your key, I should also always add a capability for you to check it. If you notice my claim changed, that should have no privacy implications, as there are two ways for me to update your key:

However, right now we are also keeping the capabilities for others that I gossiped your key to. There's no need for that. Holger does not need to check if I start claiming that you have a new key. And this in fact would have privacy implications.