Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hash Key User ID
Trust-less federation of client keys via hash in User ID.
Proposal
During signature verification, if the User ID matches the following pattern:
[a-z2-7]{16}//
Then decode it as:
base32(SHA3-PREFIX)//
Where:
//
is the 'magic string' identifier to differentiate from normal User IDsVerify that the SHA3 hash matches for all given signatures.
e.g.
This scheme is inspired by Tor rend-spec v2.
This addresses 13.11.2 Device verification.
Tradeoffs
Another solution would be to embed the Ed25519 key in the User ID, a la Tor rend-spec v3. However this would not support other key types and is much longer.
Potential issues
This requires clients to synchronize their keys across devices, which can be dangerous.
There is potential for conflicts with legitimate user names, however the
//
'magic string' exists to mitigate this to some extent.The
//
magic string might trip-up client parsing (maybe?), alternatives could be--
,==
,..
, etc.Security considerations
80 bits is probably sufficient (see Tor) to prevent impersonation. Keep in mind that a collision must be found while also generating a valid private key.
Conclusion
This proposal allows the use of untrustworthy federation servers without manually verifying device lists and keys.
Signed-off-by: Zolmeister zolikahan@gmail.com