[Commotion-dev] Serval security summary

Hans-Christoph Steiner hans at guardianproject.info
Wed Apr 4 20:05:25 UTC 2012


On Apr 3, 2012, at 5:28 PM, Nathan of Guardian wrote:

> Josh King <joshking at newamerica.net> wrote:
> 
>> I just wanted to share out a document for discussion that I got a while
>> back and have been meaning to send out, namely a summary of some of the
>> security architecture that the Serval Project is working on for
>> Commotion. It's just a general summary at this point, but there will be
>> more forthcoming.
> 
> Just scanned through it, and it is promising. Regarding the DH verification, we have been working on this at Guardian within our Gibberbot secure chat app. We have recently implemented the Socialist Millionaire Protocol for OTR and it works great. In addition, we are looking at linking your OTR key as a subkey of an on-device GPG key, such that the chat-based verification can extend to other types of keys and methods of communications. We would love to think about how this might support the verification process in a crypto mesh.
> 
> You can learn more at https://guardianproject.info/wiki/PSST 

This blog post is a good place to get some background about how we are approaching the problems of identity and crypto:
https://guardianproject.info/2012/03/19/on-verifying-identity-using-cryptography/

The grand idea is to use all available methods of verifying identity and cryptographically linking them together.  We're currently thinking that GnuPG would be at the core of this, then a person's keys like OTR, TLS, etc., would be subkeys of their GPG key.  This is strongly related to the core idea of the Monkeysphere project.

.hc

