Hacker News new | past | comments | ask | show | jobs | submit login
Security Through Transparency (googleblog.com)
167 points by maxerickson on Jan 12, 2017 | hide | past | favorite | 38 comments



> The relationship between online personas and public keys should be automatically verifiable and publicly auditable.

This description sure sounds like exactly what https://keybase.io provides.


I just got an invite to Keybase. Is there a reason why

1. it's invite based?

2. it supports very few external services that you can verify (I can't figure out a way to verify LinkedIn or Gitlab for instance) ?


I don't really have a good answer for you. Invite-based services are a good way to scale out without getting a huge spike all at once (even Gmail was introduced using invites), but I don't know how long Keybase intends to stick with the invite model or when they'll expand it.

As for services, each service that's supported presumably needs custom code, and also needs to have a publicly-auditable way to post a proof that cannot be done by anyone other than the owner of the account (e.g. for Twitter you need to actually tweet something, for GitHub you need to post a gist, etc). I don't have a LinkedIn account or use GitLab so I don't know if those services have an effective way to handle such a proof.

For reference, here's a ticket asking for LinkedIn support - https://github.com/keybase/keybase-issues/issues/1115. Here's one for GitLab - https://github.com/keybase/keybase-issues/issues/1242 - which documents some barriers there (such as no API to get GitLab snippets).


Can't upvote this enough!

I even wrote a prototype chrome extension for a few friends and myself: http://lettergram.github.io/AnyCrypt/

I love the idea of keybase, I just wish it was used by more people.


Off-topic: I have 10 Keybase invites — does anybody want or need one?


Unless I'm missing something, an invite is not need to use Keybase.


Yes it is to skip the long line, although there are semi-secret invite codes that can be used infinitely.


Sure! Email in profile.


Yes, please.

My email is in my profile.


I'd like one :)


This is awesome! I was at bar with a group of security people / cryptographers during the Real World Crypto conference last week. We were discussing what we thought some of the most important security research papers from the last five years were. Everyone agreed that CONICKS (which is what Key Transparency is based on), will likely have a huge impact in the next five years or so. I'm excited to see Google finally open-sourcing their efforts in Key Transparency.


Got a link to a copy of this paper you can share? A quick google search didn't turn up anything useful.



Is this something more than a public key server? Unclear if it tries to tie identity to accounts for verification like Keybase.

This is something I thought FB would be in a better position to do a while back: http://zalberico.com/essay/2016/03/23/Facebook-and-Public-Ke....

Though I guess most have just moved to walled garden encryption models instead of GPG - Moxie talks a bit about that here: https://moxie.org/blog/gpg-and-me/


Looking at the documentation in the repo, it sure looks to me like it's just a keyserver with a provable append-only model so you can audit every change. My cursory glance did not come up with any way to prove that the keys for a given account were actually added by someone with the authority to do so (there was even a screenshot showing that users could see when new unrecognized keys were added - https://raw.githubusercontent.com/google/key-transparency/ma... - which suggests that it relies on the user themselves to notice something going wrong).

The Design Overview does reference the fact that a user would have account credentials, and suggests that an attacker would have to compromise those credentials in order to change the keys on the user's account. So that's good. But that's still a single point of failure.

Compare this with keybase.io, where if an attacker compromises your account, they can't associate a new key with e.g. your twitter account thus tricking anyone who knows you over twitter into using your new key (they'd have to remove your twitter account from your profile in order to change the key). So keybase.io uses the variety of social networks as proof that your key really is owned by you, whereas Key Transparency seems to rely entirely on other people noticing via the key transparency history that the keys on the account all changed at some point (which doesn't necessarily even mean the account was compromised, it's possible the user did that deliberately because e.g. they lost control of their private key).

Note: I must repeat that I gave this only a cursory glance, and I didn't pay attention to some of the potentially-interesting properties here such as privacy protection. It's very plausible that Key Transparency does have valuable properties that keybase.io doesn't provide.


It's also worth mentioning that there is a draft spec for adding social proofs directly to OpenPGP: https://tools.ietf.org/html/draft-vb-openpgp-linked-ids-01

It's already implemented in Android OpenKeychain.


Is this something more than a public key server? Unlike a simple public key server, this provides privacy protecting elements. The project utilizes Zero Knowlege Proofs (ZKP) to limit your access to keys associated with users you already know.

How is this different than KeyBase? It is similar. Some differences include the use of ZKP, it is a generic key store designed (could be used for PGP or E2E messaging), it is designed to scale to trillions of entries, anyone can run a log, and architecturally it should scale significantly better. KeyBase is doing great work, though.


The post mentioned the inadequacy of PGP. I would like to see a comparison with Keybase (https://keybase.io) which addresses similar problems.


CT is mostly an automagic comparison.

You don't need to do anything and you get encryption and trust and all that stuff.

While keybase is a step in the right direction, it does not make communication any more secure by default.

You still need to setup PGP and use it to benefit from keybase.io

So in essence; CT is that one step ahead of keybase.io that makes it much much more useful but keybase is still a step in the right direction.


Keybase does not need a PGP setup. Keybase has moved on from that and use NaCl to solve the multi-device problem. GPG is just one more node in your trust chain.


Thanks!


I can give you in comparison, right now.


In Certificate Transparency, a CA is responsible for sharing its issued certificates to CT. In Key Transparency, anyone can register a key for an email address; they just have to arrive first. Is there any provision for preventing squatting ?


One of the differences between Key Transparency and other solutions is the role of certifying and logging have been separated. In other words, being in the directory does not mean the identity has been verified. The verification of control of an email address is the role of the certifier. Your requirements of the certifier are an application specific decision.


But isn't "certifying" the part that actually matters (making sure I have the right key for a persona / the right persona), and AFAICT, Key Transparency is focused on the logging aspect.

This is what I'm really not seeing in the blog post / GitHub repo; how does this actually establish trust in the received key?

(While it is true that the owner of the key can audit their account, that doesn't help a sender. Also, if watching people "verify" SSH & GPG keys has taught me anything, it's that even engineers who should know better are way too lazy.)


Ok I see, KT provides a visible log of all changes happening to a given key, but my initial question still stands: I can squat, say, eschmidt@google.com today and wait for someone to pay me a huge amount of money to give up that name ?


I'm not 100% sure, but it sounds like that's outside the scope of key transparency, and Google is envisioning that the ["certification authority that the system [represents]"][1] would verify that you indeed own `eschmidt@google.com` before letting you register an account using that address.

[1]: https://github.com/google/key-transparency/blob/master/docs/...


Ah, that's something that I didn't see at all: google would be in charge of running the KT peer for google.com, yahoo for yahoo.com, etc...

Thanks for the clear-up !


The article links https://keytransparency.org/ which is currently just a pointer to https://github.com/google/key-transparency/ .

The blog is more 'why' while the repo is mostly 'how'.


These principles also have important political ramifications which were detailed in a recent article sharing almost this exact title: https://thedaleyreview.wordpress.com/2017/01/08/transparency...


This article from TechCrunch does a good job explaining Key Transparency - https://techcrunch.com/2017/01/12/googles-key-transparency-p...


To understand the technical approach to the solution this is a good resource - https://github.com/google/key-transparency/blob/master/docs/...

This is also useful for understanding some of the core differences between CONIKS and Key Transparency - https://github.com/google/key-transparency/blob/master/docs/...


Do I understand correctly using keytransparency I'm backing Google to be the authority to verify that a key is indeed 'me'? Why would I want to do that? Why would anyone want to do that?


I don't like how they begin it with an attack on GPG


So everytime you want to communicate you ping Google's servers?


No.

First, like CT you want an ecosystem of logs.

Second, you have caching and in-band exchanges as means to mitigate some of that.


I didn't see any evidence of them suggesting that.


What are the implications of this?

    Get a /service account key/ and download the generated JSON file.

    The service account key is used to verify client OAuth tokens.

/from here:/ https://console.developers.google.com/apis/credentials




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: