If we want trusted, distributed communications, we need cryptographic identities for users. If we want it to be *safe*, it needs to be easy for users to respond when (not if!) a key is compromised. And they need to be able to use both more and less safe devices, because life.

What sort of cryptographic identity system should be used? Are there any implementations I should look into?

In particular, I'm wondering if Keybase's v2 key model is a good idea: keybase.io/blog/keybase-new-ke

For the purposes of this thread, I don't care about the social media/domain ownership side of things, just the key management—device keys, paper keys, the bidirectional trust thing. (Maybe also the blockchain part, if it seems necessary.)

I'm interested particularly in how hard it is for both users and developers to fuck it up, from a crypto-pragmatics perspective.

@varx my first question is - how does revocation work?

@jerger My understanding is that with Keybase, revocations are published to the same Merkle DAG as keysignings, and they periodically put a pointer to the latest Merkle root into the Bitcoin blockchain.

My own preference would be to do a limited-degree floodfill, where you announce your revocation to your contacts, and they boost that revocation, out to (let's say) 3 degrees. I can imagine other approaches, too.

@varx did some documentation reading ... they did not describe the revocation process ...

@jerger I'm curious about that as well. For instance, does revocation of a link have to be done by one member of the link, or can it be done by any key in the graph? If a graph is partitioned, which side do you trust?

And revocations can be anything from precautionary "I lost my phone" to "WARNING, my laptop and phone were both compromised, but the attacker signed their own keys on first!"

Probably the correct approach is that as soon as any revocation is observed, ask the user how to proceed.
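As an added example, not code from this thread or from Keybase: a small Python model of the limited-degree floodfill proposed above (announce a revocation to your contacts, each contact boosts it to theirs, stop after N hops), run over a constructed contact graph that includes a partitioned island nobody can reach, plus a check for the situation raised at the end of the thread where two revocations for the same identity each revoke the key that signed the other. The graph, the node names, the key ids and the revocation record layout are all assumptions made up for the illustration.

```python
"""Limited-degree floodfill of key revocations over a contact graph.

Added illustration for this thread; not Keybase code. The contact graph,
node names, key ids and the Revocation record layout are assumptions.
"""
from collections import deque
from dataclasses import dataclass

# Constructed contact graph (assumption): undirected, as adjacency sets.
# heidi is 4 hops from alice; frank/grace form a partition with no path
# to anyone else, so a revocation announced by alice can never reach them.
CONTACTS = {
    "alice": {"bob", "carol"},
    "bob": {"alice", "dave"},
    "carol": {"alice"},
    "dave": {"bob", "erin"},
    "erin": {"dave", "heidi"},
    "heidi": {"erin"},
    "frank": {"grace"},
    "grace": {"frank"},
}


@dataclass(frozen=True)
class Revocation:
    identity: str     # whose key set this concerns
    revoked_key: str  # key id being revoked
    signed_by: str    # key id that signed the revocation statement
    reason: str       # free text: "lost phone", "compromised", ...


def floodfill(contacts, origin, max_degree=3):
    """Breadth-first propagation: origin announces to its contacts, each
    contact boosts to its own contacts, and so on, until the announcement
    is max_degree hops from origin. Returns {node: hop_count} for every
    node that received it. Nodes with no path to origin never appear."""
    reached = {origin: 0}
    queue = deque([origin])
    while queue:
        node = queue.popleft()
        hops = reached[node]
        if hops >= max_degree:
            continue                  # at the boost limit: do not re-announce
        for peer in contacts.get(node, ()):
            if peer not in reached:   # dedupe: each node boosts a revocation once
                reached[peer] = hops + 1
                queue.append(peer)
    return reached


def deliver(contacts, origin, rev, inboxes, max_degree=3):
    """Floodfill rev from origin and append it to every reached node's inbox."""
    for node in floodfill(contacts, origin, max_degree):
        inboxes.setdefault(node, []).append(rev)


def conflicting(inbox):
    """Pairs of revocations for the same identity that revoke each other's
    signing key: the 'attacker got in and revoked my real key first' case.
    Neither record can be trusted on its own ordering, so a client should
    surface both to the user instead of applying either automatically."""
    pairs = []
    for i, a in enumerate(inbox):
        for b in inbox[i + 1:]:
            if (a.identity == b.identity
                    and a.revoked_key == b.signed_by
                    and b.revoked_key == a.signed_by):
                pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    inboxes = {}
    # Precautionary revocation: alice lost her phone, laptop key signs it.
    lost = Revocation("alice", "alice-phone", "alice-laptop", "lost phone")
    deliver(CONTACTS, "alice", lost, inboxes)
    # Hostile revocation: whoever holds the phone key revokes the laptop key.
    hostile = Revocation("alice", "alice-laptop", "alice-phone", "compromised")
    deliver(CONTACTS, "alice", hostile, inboxes)
    for node, inbox in sorted(inboxes.items()):
        print(node, len(inbox), "revocation(s),", len(conflicting(inbox)), "conflict(s)")
    print("unreached:", sorted(set(CONTACTS) - set(inboxes)))
```

With the default limit of 3 the announcement stops at erin; heidi is one hop too far and frank/grace are unreachable at any limit, which is the partition question from the thread made concrete: the island never learns the key was revoked unless some other channel carries it there. The conflict check is deliberately symmetric, since from a third party's inbox alone there is no way to tell which of the two mutually-revoking statements is the legitimate one.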

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.