you know matrix chat? it’s supposed to be end-to-end encrypted. the same goes for whatsapp and other chat applications.

(technical note: if alice wants to send a message to bob with end-to-end encryption, then alice signs the message with her private key and bob’s public key. then bob can read the message with alice’s public key and his private key. so bob knows that the message actually comes from alice, and nobody can read it but bob.)

here’s the problem: the public keys are all stored on someone else’s (3rd party) server. for whatsapp, they’re stored on whatsapp’s server. so if bob gets a message from alice, he has to read that message with alice’s public key, but he gets the key from whatsapp’s server. so whatsapp can do a man-in-the-middle attack quite easily by giving out a fake alice’s public key.

actual effective end-to-end communication is only possible if alice and bob exchange public keys in real life. this circumvents a 3rd party server. and this is what needs to be implemented in chat applications such as matrix chat. (you can pass the public key with a QR code or sth like that)

  • Aniki@feddit.orgOP
    link
    fedilink
    arrow-up
    1
    ·
    3 days ago

    you can sometimes meet some of your peers in real life, which is better than never meeting any of your peers in real life. exchanging some public keys securely is better than never exchanging any public keys securely.

    • gnufuu@lemmy.ca
      link
      fedilink
      arrow-up
      5
      ·
      3 days ago

      I agree that public keys need to be verified over a separate, secure channel. I also agree that meeting irl is to be preferred. My point is that using other channels for verification is still better than not verifying the keys at all.

    • Aniki@feddit.orgOP
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      3 days ago

      also the possibility of meeting in real life and verifying mutual public keys deters public key servers from giving out fake public keys because they could more easily be verified if the two people ever meet in person in the future, and so the server would be blamed for a mismatch.