Handling a TOFU conflict

Andre Heinecke aheinecke at intevation.de
Fri Dec 9 23:29:17 CET 2016 

Hey neal

On Friday 09 December 2016 22:50:35 Neal H. Walfield wrote:
> Do you agree that we are trying to hinder active adversaries?  Or, are
> we only trying to protect users from passive adversaries?  If the
> former, what are the adversaries trying to do / what are they capable
> of?  Are they interested in forging messages (e.g., spear phishing)?
> Are they interested in conducting MitM attacks?  Do we assume that
> they are capable of owning the user's home router?  Or, can they only
> send emails?

Please stop this. I thought we had agreed that we need to think through how we 
want to use TOFU to assist a user and what the threats / attacks against tofu 
acutally are. And how we are trying to protect against these threats. I find 
your flood of questions (I still answer them below) an aggressive style of 
communication and you should not be suprised to get aggressive answers.

And regarding homographic attacks i think that you and werner (as I told you 
both in person today) are repeating the same arguments again and again where 
you could both agree that you disagree after hearing all the arguments the 
other side has to offer. Any repetion of that does not help either.

I'm trying (still not complete) to come up with a concept for tofu use in 
MUA's on:

https://wiki.gnupg.org/EasyGpg2016/AutomatedEncryption

We should work out attack trees / scenarios. That would be super helpful.

Fwiw: I'm totally on werner's side reagarding homgraphic attacks because I 
currently don't see them as a threat. But I am open for arguments :-)

> Do you agree that we are trying to hinder active adversaries?

Yes.

> Or, are  we only trying to protect users from passive adversaries? 

No.

> If the former, what are the adversaries trying to do / what are they capable
> of?  Are they interested in forging messages (e.g., spear phishing)?

Yes. They may even be convincing enough to go over "Key with enough history 
with basic trust" But we prevent that attack through organisational measures + 
including pgp.

> Are they interested in conducting MitM attacks?

Yes we want to protect against that, too.

> Do we assume that they are capable of owning the user's home router? 
> Or, can they only send emails?

I think both.

Regards, 
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

More information about the Gnupg-devel mailing list