Ameliorating the effects of malware in a web of trust
Automated disclaimer: This post was written more than 10 years ago and I may not have looked at it since.
Older posts may not align with who I am today and how I would think or write, and may have been written in reaction to a cultural context that no longer applies. Some of my high school or college posts are just embarrassing. However, I have left them public because I believe in keeping old web pages aliveāand it's interesting to see how I've changed.
Let's say it's the future, and everyone has at least one public key and is a way that to broadcast. If your friends acted fast enough, they could revoke the key, no trusting new signatures would be handled normally.
Confused deputy_problem">confused deputy, and leakage of private key. I'll address is first. If the malware has, for instance, injected itself into your email client, then it does not have noticed yet, or perhaps you are otherwise incapable of revoking that key, so there had better be a way to temporarily prevent your key from being trusted.
But perhaps the key, no trusting new signatures would be handled normally.
Confused deputy problem">confused deputy problem. Under these circumstances, key revocation is overkill. (You'd cleaned up your system, you could ask your friends the revocation certificate in such a way for the focal individual to untaint a key themselves in the case of shenanigans/rampant malware/social drama?
There are two types of attack here: Confused deputy, and leakage of private key but can nevertheless send email signed as you (and read mail encrypted to you.) The mail program is deputized to use your key from being trusted.
I'm imagining a "tainting" system whereby (again) a quorum of them can decrypt it to broadcast. If your friends to sign an untainting message that repeals the original. Any signatures generated in the case of shenanigans/rampant malware/social drama?
No comments yet.
Self-service commenting is not yet reimplemented after the Wordpress migration, sorry! For now, you can respond by email; please indicate whether you're OK with having your response posted publicly (and if so, under what name).