Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • briar briar
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 786
    • Issues 786
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 9
    • Merge requests 9
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • briar
  • briarbriar
  • Issues
  • #256

Closed
Open
Created Feb 18, 2016 by akwizgran@akwizgranOwner

Verify and bind long-term public keys when adding contacts

Design a protocol for verifying and binding long-term public keys when adding contacts directly or via introductions.

The current Bluetooth protocol does this by generating two nonces from the ephemeral shared secret - each party signs one of the nonces. We could use a similar approach for the new protocols, or an approach based on triple Diffie-Hellman.

Identities already have long-term signature keys but they don't have long-term DH keys, so if we use 3DH we either need to be sure it's safe to reuse the signature keys as DH keys, or we need to extend the identity object with a long-term DH key, signed with the long-term signature key. This has the disadvantage of committing us to a DH primitive for the long term.

Using signatures would make the key exchange undeniable, but it's debatable whether that matters in practice.

Assignee
Assign to
Time tracking