Do we need a revocation mechanism or remote-destruction? Is it helpful?
Hi! I found this ancient thread:https://sourceforge.net/p/briar/mailman/briar-devel/thread/4F33A780.8050705%40gmx.com/#msg28809772
(Starting a new thread for this because the old thread was getting frayed.)
On 09/02/12 03:14, awgh wrote:
- Cert revocations are signed with the cert they're revoking. If that cert isn't in the local table, this is one string compare. Not much of a DoS.
Cool, I think we have the beginnings of a design here. Thanks Ben!
Each user creates a personal keypair (this is separate from any pseudonyms she may create).
The user creates a revocation certificate and signs it with the private key.
The user applies a secret sharing algorithm to the revocation certificate. She chooses a few trusted friends and sends each friend a SAVE_SHARE message, which contains a share of the revocation certificate and the ID of the key.
The user creates a KEY_ID message containing the ID of the key and sends it to any contacts who didn't receive shares.
If a friend thinks the user's key has been compromised, she creates a REVOKE_SHARE message containing her share of the certificate and the ID of the key. She stores the message and sends it to all her contacts.
If a user receives a REVOKE_SHARE message and recognises the ID, she stores the message and forwards it to all her contacts.
If a user receives enough shares to reconstruct the revocation certificate, she considers the key revoked. She creates a REVOKE_CERT message containing the certificate, stores the message and sends it to all her contacts.
If a user receives a REVOKE_CERT message and recognises the ID, she considers the key revoked, stores the message and forwards it to all her contacts.
Does this look like a reasonable start?
Cheers, Michael
I know that a lot has changed since then. But do we need a revocation mechanism in Briar now?
It also made me think: Is a remote-identity-destruction-mechanism helpful? (If the phone gets into the wrong hands and the phone can still access another contact some way - that contacts can together derive a revocation-key which tells the phone to delete the Briar-Identity?) Or is that remote-mechanism more in the scope of a panic-button-app?