nextleap-project / countermitm

thoughts on countering mitm-attacks on autocrypt
15 stars 5 forks source link

lock keys for verified contacts and groups #51

Closed azul closed 6 years ago

azul commented 6 years ago

49 made it clear that we have not spelled this out.

I think we need to actually lock the keys to uphold the security properties in the face of active attacks such as fabricated Autocrypt headers.

azul commented 6 years ago

@carmelatroncoso @r10s @hpk42 I moved the discussion to a separate section and wrote a new proposal. What do you think?

r10s commented 6 years ago

@azul looks good to me now