[ticker-dev] ticker-3.0 spec - Replace on Message ID ( Keys ??)

Ian Lister ilister at dstc.edu.au
Tue Apr 9 11:21:12 EST 2002


On Tue, 9 Apr 2002, David Arnold wrote:
>i couldn't figure out a way to do an in-band rekey over a federation
>-- a man-in-the-middle attacker could race the legitimate re-key
>packet with a malicious re-key packet, and since we don't guarantee
>total ordering, the nastygram could win :-(

What's the problem with rekeying? As long as you have one key left (the
original seed or its first generation) you can send a verifiable new key,
no? There is of course a problem if you miss any notifications...

>  Martin> Basically i was thinking along the lines of a digital
>  Martin> signature. the signatures should match before replacement is
>  Martin> done.
>
>but if i can receive the first signature, then i can simply dump those
>bytes into a bogus message.  you need to have some content to sign
>which varies in a way which only the sender can predict, and the
>receiver can verify in-band.
>
>of course, if you're prepared to do an out-of-band signature
>verification, then the problem evaporates.  you simply sign all
>messages.

You don't need to do it out of band. You just send your public key with
your messages and consumers can verify that subsequent messages were
signed by an entity holding the same private key as that which signed the
first message.

>if you trust the first message, why would you not trust a replacement
>with equivalent "credentials" ?

I may be happy to receive it, but not necessarily for it to destroy or
cause another message to be obscured.

Ian
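
The in-band check Ian describes, as an added example (not part of the original thread and not ticker code): the consumer pins the public key carried by the first message for an ID and lets only later messages signed by that same key replace it. The `Msg` layout, the signed `Seq` counter, the choice of Ed25519 and all names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Msg is a constructed notification layout, not the ticker-3.0 wire format.
type Msg struct {
	ID, Body string
	Seq      uint64            // signed counter; a replayed older message is refused
	Pub      ed25519.PublicKey // sender's public key, carried in-band
	Sig      []byte            // signature over ID, Seq and Body
}

// signedBytes binds ID, Seq and Body; the length prefix keeps the fields unambiguous.
func signedBytes(id string, seq uint64, body string) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d|%s", len(id), id, seq, body))
}

// Sign builds a message signed with priv and carrying the matching public key.
func Sign(priv ed25519.PrivateKey, id string, seq uint64, body string) Msg {
	pub := priv.Public().(ed25519.PublicKey)
	return Msg{id, body, seq, pub, ed25519.Sign(priv, signedBytes(id, seq, body))}
}

// Consumer maps each message ID to the last accepted message, pinning its key.
type Consumer map[string]Msg

// Accept stores m as new or as a replacement, or returns why it was refused.
func (c Consumer) Accept(m Msg) error {
	if len(m.Pub) != ed25519.PublicKeySize || !ed25519.Verify(m.Pub, signedBytes(m.ID, m.Seq, m.Body), m.Sig) {
		return fmt.Errorf("bad signature")
	}
	if old, seen := c[m.ID]; seen && !bytes.Equal(old.Pub, m.Pub) {
		return fmt.Errorf("key differs from the one that signed the first message")
	} else if seen && m.Seq <= old.Seq {
		return fmt.Errorf("stale or replayed sequence number")
	}
	c[m.ID] = m
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	c := Consumer{}
	fmt.Println(c.Accept(Sign(priv, "m1", 1, "v1")), c.Accept(Sign(priv, "m1", 1, "replay")))
}
```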