[Commotion-dev] SPAN Android App

[Jeremy Lakeman]

On Tue, Oct 16, 2012 at 10:48 AM, Michael Rogers
<michael at briarproject.org> wrote:
> This sounds like a really exciting piece of infrastructure, but if all
> I have is someone's phone number, how can I authenticate the data I
> retrieve from the directory (which I guess would include the person's
> public key)? What's to stop someone else from storing their public key
> under my phone number, or replacing my public key with their own when
> forwarding a directory response?

We may charge a token fee for registration, probably similar to the
cost of a dns name. Or we could charge for an identity verification
process where we send you a text message to confirm your control of a
phone number. Either of these approaches should help to dampen the
potential impact of spamming the phone number directory.

Though the technical details of the implementation are still up in the
air. I have thought about publishing phone number mappings via a hash
of the number and the current time to the nearest 12 hours or so. The
back end storage system then doesn't have the time to keep rebuilding
rainbow tables in order to work out what phone numbers have been
published.

Without any form of verification, you have to assume anyone could be
snooping via a man-in-the-middle attack. If you're happy to
communicate, knowing that a government or other attacker could be
listening, we're not going to stop you. Our current plan is to play a
beep periodically during a voice call, to indicate that the channel's
security has not been confirmed and might be recorded.

Once you've verified keys with someone, we expect you to initiate
communications using the keys themselves, without repeating the phone
number lookup.