|
|
|
|
@ -1941,8 +1941,20 @@ KeySync_event_Extra = Extra
|
|
|
|
|
|
|
|
|
|
# Security Considerations
|
|
|
|
|
|
|
|
|
|
\[\[ TODO \]\]
|
|
|
|
|
The KeySync protocol assumes end-device security to be given and that
|
|
|
|
|
Internet users presented with Trustwords engage in comparing them manually.
|
|
|
|
|
|
|
|
|
|
If an attacker gains possession to a device which is configured to receive
|
|
|
|
|
messages for a pEp identity, the attacker can start to build own Device Groups
|
|
|
|
|
as long as the legitimate user does not stop the attacker to have read access
|
|
|
|
|
to the respective channel (e.g., in email: to the mailbox) -- to read Beacon
|
|
|
|
|
messages; this allows an attacker to create at least some kind of disturbance
|
|
|
|
|
towards Sole Devices and already existing Device Groups.
|
|
|
|
|
|
|
|
|
|
In case an attacker gains possession of a device which is already grouped,
|
|
|
|
|
such an attacker get into a MITM position allowing to impersonate a user as long
|
|
|
|
|
as the legitimate user does not manage to stop the attacker to use the
|
|
|
|
|
respective account (e.g., in email: by changing access credentials).
|
|
|
|
|
|
|
|
|
|
# Privacy Considerations
|
|
|
|
|
|
|
|
|
|
@ -1960,14 +1972,13 @@ This document has no actions for IANA.
|
|
|
|
|
# Acknowledgments
|
|
|
|
|
|
|
|
|
|
The authors would like to thank the following people who have provided
|
|
|
|
|
significant contributions to the development of this document:
|
|
|
|
|
Volker Birk \[\[ TODO \]\]
|
|
|
|
|
significant contributions to actual Running Code and the development of this
|
|
|
|
|
document: Volker Birk \[\[ TODO \]\]
|
|
|
|
|
|
|
|
|
|
<!-- Note: Order according "importance" of contribution -->
|
|
|
|
|
|
|
|
|
|
Furthermore, the authors would like to thank the following people who
|
|
|
|
|
who provided helpful comments and suggestions for this document:
|
|
|
|
|
Kelly Bristol \[\[ TODO \]\]
|
|
|
|
|
Furthermore, the authors would like to thank the following people who provided
|
|
|
|
|
helpful comments and suggestions for this document: Kelly Bristol \[\[ TODO \]\]
|
|
|
|
|
|
|
|
|
|
<!-- Note: Order alphabethically by first name -->
|
|
|
|
|
|
|
|
|
|
@ -1994,13 +2005,12 @@ reference implementation pEp engine (C99 programming language).
|
|
|
|
|
* draft-hoeneisen-pep-keysync-00:
|
|
|
|
|
* Initial version
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Open Issues
|
|
|
|
|
|
|
|
|
|
\[\[ RFC Editor: This section should be empty and is to be removed
|
|
|
|
|
before publication \]\]
|
|
|
|
|
|
|
|
|
|
* resolve TODO's
|
|
|
|
|
* Resolve TODOs
|
|
|
|
|
|
|
|
|
|
* Add reference (section?) to sync code
|
|
|
|
|
|
|
|
|
|
|
