[cap-talk] E-mail password caps, Horton ??? [Horton's "Who Done It?"]

Rob Meijer capibara at xs4all.nl
Thu May 24 02:52:41 EDT 2007


On Thu, May 17, 2007 17:58, Karp, Alan H wrote:
> Rob Meijer wrote:
>>
>> In my e-mail capkey project, both Bob and Carol would supply
>> Alice with a reasonable amount of 'introduction' references.
>> If Alice wants to introduce Bob and Carol, she would choose an unused
>> introduction reference of both Bob and Carol, and use it to send Bob a
>> message with the introduction reference to Carol, and to send Carol a
>> message with the introduction reference to Bob.
>> Alice would then step out of the loop, and Bob and Carol
>> could use their mutual introduction channels to send each other
>> the appropriate references.
>>
> If you're not careful, Alice can make Bob think that she is Carol or
> Carol think that Alice is Bob.  I think your protocol has this flaw.
> The reason Alice stays in the picture in Horton is to provide a known
> path by which Carol can pass to Bob an unspoofable reference to herself.

After taking some time to think about it, I think that the nature
of e-mail rather than the protocol itself seems to prevent this.
I'm not completely sure on this however.
I've made a short presentation on the subject that describes the usage
of the +folder password caps for e-mail:

  http://www.xs4all.nl/~rmeijer/mailkeys.pdf

Staying in the Horton paper terminology, the 'stub' that goes with
a mail key would be a simple state machine with the following 5 states:

O: Unused reference
U: Used for sending data
I: Used for introduction
R: Explicitly revoked
A: Auto revoked

If in 'State==O' the reference gets used with a Cc, the stub will
go into 'State==I', if it gets used without Cc, it will go into
'State==U'. The O->I transition should create a new stub/key pair
and use the introduced peer reference to hand the newly created
key to.

If the stub is in 'State==U' it will stay in this state until it gets
explicitly revoked.

If the stub is in 'State==I', any subsequent usage will make it go into
'State==A'.


I would be very interested to hear if (and how) in this specific usage,
this protocol would also be flawed, and should thus be replaced by
something close to Horton.

Rob
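
The five-state stub described in the message above, written out as an added Python example; it is not code from the original post or from the mail key project. The names Stub, use, revoke and replay_demo, the random-token key format, the rejection of messages sent to a reused introduction key or a revoked key, and revocation being allowed from any live state are assumptions the message does not spell out.

```python
import secrets
from enum import Enum

class State(Enum):
    O = "unused reference"
    U = "used for sending data"
    I = "used for introduction"
    R = "explicitly revoked"
    A = "auto revoked"

class Stub:
    """Receiver-side record that goes with one mail key."""

    def __init__(self):
        self.key = secrets.token_urlsafe(16)  # assumed key format: random token
        self.state = State.O

    def use(self, cc_peer=None):
        """Process one message sent to this key.

        Returns (accepted, new_stub). new_stub is set only on the O->I
        transition; its key is what gets handed to the introduced peer.
        """
        if self.state is State.O:
            if cc_peer is not None:        # used with a Cc: introduction
                self.state = State.I
                return True, Stub()        # fresh stub/key pair for the peer
            self.state = State.U           # used without Cc: data channel
            return True, None
        if self.state is State.U:
            return True, None              # stays U until explicitly revoked
        if self.state is State.I:
            self.state = State.A           # any subsequent usage auto-revokes
        return False, None                 # assumption: reuse of I, R, A rejected

    def revoke(self):
        # Assumption: explicit revocation is possible from any live state.
        if self.state in (State.O, State.U, State.I):
            self.state = State.R

def replay_demo():
    """Constructed scenario: an introduction key is used once, then replayed."""
    intro = Stub()
    accepted, new_stub = intro.use(cc_peer="carol@example.org")
    replay = intro.use(cc_peer="mallory@example.org")
    return accepted, new_stub is not None, replay, intro.state
```

An introduction reference is single-use here: the second message to the same key is refused and leaves the stub auto-revoked, while the stub created on the first use is unaffected.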




