Closed ache closed 4 years ago
Well, communication should stay simple even when encrypted. Could you provide a better solution instead of just "remove"?
The only solution so far is to not pass the public keys or fingerprints over the same communication channel (because they can be replaced on the fly for both parties at once on the initial exchange). The whole world hasn't invented anything better yet. The same is true, e.g., for WhatsApp, Signal, OMEMO and other E2E protocols; read this https://maqp3d.wordpress.com/2015/09/28/whatsapp-vs-textsecure-a-closer-look-at-axolotl/
Do you suggest implementing an alternative channel in Psi+?
I agree, and there is no exception here. But people love simplicity; that's why it is sometimes better to allow them to do that weird thing. Of course Psi can show some big warning about possible risks, and yes, we could think about automating key exchange over these alternate channels. But just removing it... hmm.
By alternative channels I mean e-mail (a password-protected attachment) or reading the first digits of the key fingerprint over the phone, for example. Any alternative channel that goes through the same server is not trusted. Of course you can try to use steganography, mixing the key into some picture, but only as long as the MitM doesn't understand its algorithm, which is pretty easy for an open source product.
File exchange services can also act as alternative channels (archived with a password to bypass an evil provider), but even those without registration tend to change their interface or shut down their service completely, so again no full automation.
Anyway, removing the option is a very bad solution.
Even without the option, everybody can just copy & paste their public key via a normal Jabber message; nothing currently prevents it. In the good case, Psi+ can detect PGP key material (it is easy) and issue a confirmation message describing the risks to the user trying to do it.
That's right.
wontfix
This is for security reasons. It is not safe to pass even public keys over the same communication channel, because an evil Jabber server or evil provider can act as a MitM and replace them on the fly for both parties, then act as the client for each of them, making valid PGP sessions with both parties with the ability to decrypt the traffic using its own public keys while sending using the stored original public keys.
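The client-side check suggested earlier in the thread (detect PGP key material in an outgoing message and warn the user before it crosses the untrusted server), as an added example that is not Psi+ code. It recognises an ASCII-armored public key block by its RFC 4880 armor framing and verifies the armor CRC-24, plus a heuristic for a bare 40-hex-digit fingerprint; the regexes, function names and the sample block are this example's own constructions.

```python
import base64
import re

# ASCII-armored OpenPGP public key block, RFC 4880 section 6.2 (pattern is this example's own).
ARMOR_RE = re.compile(
    r"-----BEGIN PGP PUBLIC KEY BLOCK-----\r?\n"
    r"(?:[A-Za-z-]+: [^\r\n]*\r?\n)*\r?\n"      # optional armor headers, then a blank line
    r"(?P<body>(?:[A-Za-z0-9+/=]+\r?\n)+)"      # radix-64 encoded key packets
    r"=(?P<crc>[A-Za-z0-9+/]{4})\r?\n"          # radix-64 CRC-24 of the decoded packets
    r"-----END PGP PUBLIC KEY BLOCK-----"
)
# Heuristic: a 40-hex-digit (v4) fingerprint, optionally spaced in groups of four.
FINGERPRINT_RE = re.compile(r"\b(?:[0-9A-Fa-f]{4} ?){10}\b")


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP armor (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def scan_message(text: str) -> list:
    """Return warnings to show the user if the outgoing message carries PGP key material."""
    warnings = []
    for m in ARMOR_RE.finditer(text):
        try:
            packets = base64.b64decode("".join(m.group("body").split()), validate=True)
            stated = int.from_bytes(base64.b64decode(m.group("crc")), "big")
        except ValueError:  # binascii.Error is a ValueError: broken radix-64
            warnings.append("malformed PGP public key block")
            continue
        state = "valid CRC" if crc24(packets) == stated else "CRC mismatch"
        warnings.append(f"armored PGP public key block ({state})")
    if FINGERPRINT_RE.search(text):
        warnings.append("40-digit hex string that looks like a PGP key fingerprint")
    return warnings


def armor_public_key(packets: bytes) -> str:
    """Wrap bytes in armor framing; used here only to build constructed test input."""
    body = base64.b64encode(packets).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + "\n".join(lines)
            + "\n=" + crc + "\n-----END PGP PUBLIC KEY BLOCK-----")
```

A client would call `scan_message` on the text before sending and show the returned warnings in a confirmation dialog; a CRC mismatch still counts as key material, since a pasted block may simply have been mangled by the editor.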