added more text

master
Bernie Hoeneisen 4 years ago
parent 13a6bd76bf
commit 2899d5e044

@ -140,30 +140,42 @@ This section makes use of interaction states as defined in {{interaction-states}
## Trust Management
* Trust of peer is established by using Trustwords
(cf. {{I-D.marques-pep-handshake}} and {{I-D.birk-pep-trustwords}})
* Trust rating of a peer is updated (locally) when:
* Public Key is received the first time
* Trustwords have been compared sucessfully and confirmed by user
* Trust of a peer is revoked
* Trust is synchronized among different devices of the same user
### Preconditions for Trust establishment
The following explains the precondition for establishing trust, also
making use of the interaction states defined in
{{interaction-states}}.
* Peer's Public Key not available:
* Interaction States 1, 2a, and 3a
* No trust can be established
* Peer's Public Key available, but not trusted:
* Interaction States 2b, 4, 5a
* Trust may be established by using fingerprints (Note: Not part of pEp)
* Trust may be established by using fingerprints (beyond the
scope of this document)
* Interaction States 4, 5a
* Trust may be established by using trustwords (cf. {{I-D.marques-pep-handshake}})
* Trust may be established by using trustwords
* Peer's Public Key available and trusted
* Interaction States 3b, 5b, 6
* Trust rating of a peer is updated (locally) when:
* Public Key is received the first time
* Trustwords have been compared sucessfully and confirmed by user
* Trust of a peer is revoked
* Trust is synchronized among different devices of the same user
* Trust has been established before
## Key Management
* New Key pair is generates automatically (if none found) at startup
* New Key pair is generated automatically (if none found) at startup
* Private Key is synchronized among different devices of the same user
@ -176,11 +188,21 @@ This section makes use of interaction states as defined in {{interaction-states}
* Public Key is marked invalid after receiving a key reset message
## User Interface
* Need for user interaction is kept to the minimum neecessary
* The privacy status of a peer is presented to the user by a color rating
* The privacy status of a message is presented to the user by a color rating
# Threat Anlyses
* The color rating is defined by a traffic-light semantics
# Threat Analyses
This section describes a set of possible threats. Note that not all threats
can be addressed, due to conflicting requirements.
## Threat Model
@ -189,11 +211,71 @@ lorem ipsum
## Privacy Threats
### Linkability
lorem ipsum
### Identifiability
lorem ipsum
### Non-Repudiation
lorem ipsum
### Detectability
lorem ipsum
### Information Disclosure
lorem ipsum
### Content Unawareness
lorem ipsum
### Policy and Consent Noncompliance
lorem ipsum
## Security Threats
### Spoofing
lorem ipsum
### Tampering with Data
lorem ipsum
### Information Disclosure
lorem ipsum
### Repudiation
lorem ipsum
### Denical-of-Service
lorem ipsum
### Elevation of Privilege
lorem ipsum
@ -201,7 +283,7 @@ lorem ipsum
## Functional Requirements
lorem ipsum
see above (?)
## Privacy Requirements
@ -253,5 +335,4 @@ lorem ipsum
\[\[ RFC Editor: This section should be empty and is to be removed
before publication \]\]
* lorem ipsum
* Add references to used materials (in particular threat analyses part)

Loading…
Cancel
Save