Global Registry of (Dis)honesty

In the section 3. “Anonymous private messaging” we created a way to
transmit encrypted messages between two people that signed up at the
same site.

The reason it worked was because both parties trusted the dating site
enough to use it. That’s how trust works. If you trust it, you can use
it. If you don’t trust it, you either do not use it or you give it the
benefit of the doubt.

With the dating site signing its members’ certificates, both daters
can validate that the other is a dating site member (too).

The keys in the certificates (and browsers) protect the messages
against tampering and disclosure. Not even the dating site can read along.

But that’s only true if the dating site proves to be trustworthy. The
site can lie to both daters and give fake certficates that allows it
to perform a Man-in-the-Middle attack, impersonating both to each
other. It obliterates most security features of Eccentric
Authentication. The only benefit is that the daters did not have to
provide email addresses or other personal identifying data at
signup. If our daters are smart they would reject the site the moment
it asks for personal identifying data. Never to return. (Be paranoid,
it pays off.)

Proving honesty

In general, you cannot prove honesty. You can only prove dishonesty.
What we are going to do is to set up a mechanism that will prove
dishonesty when it happens. It allows people to verify that the site
(and FPCA) have not been dishonest so far.

We can make the site and FPCA honest if we can verify that it never
creates more than a single certificate for each username. That was
the protocol violation in section 3.

Global Registry catches a dishonest FPCA Global Registry catches a dishonest FPCA

We define a global certificate registry. It’s an independent
organisation from the dating site. An ISP could set one up for its
customers. Or a consumer organisation. These registries should pool
together to make their data available to everyone. To users, it must look
like one big database.

Each time a person signs up for a certificate, his browser publishes
the certificate it receives at the registry. This registry records
every certificate it receives and remembers these.

When later on, someone asks for the certificates for {site, username}
it will tell all certificates it has for that combination. If the site
is honest, there will be exactly one certificate for each {site,
username}
combination. If there are two (or more) certificates it is
proof that the site violated the uniqueness requirement.

Here is how to use the registry to keep the dating site honest.

  1. When you sign up at the dating site you submit the certificate you
    receive from the FPCA to the registry; you’ll get to know
    immediately from the registry when there is already a (different)
    certificate with the same {site, yourname} combination.

  2. Before you send the first message to a new person, you don’t ask
    the dating site, instead you check the registry for the certificate
    of {site, hername}. There must be only one. In it is the key to
    encrypt your message to her.

  3. When you receive the first response, you validate the certificate
    used to sign the message. Then you check the registry for the
    other persons’ certificate again. It must be one and the same as in
    step 2. And it must match the message signature in the response.

  4. Then you check to the registry for all certificates it has on your
    own {site, yourname} combination. There must be only 1. Yours.

If you are a dater and receive the first message from someone new
you perform these steps:

  1. You validate the message signature to obtain the nickname from the
    certificate. You check the registry for certificates that belong
    to {site, hisname}. There must be only one. And the certificate
    must be equal to the one in the message.

  2. You check that the registry has only one certificate for your
    identity {site, hername}. Yours.

Here is the crux:

If you detect at step 3 or at step 5 that the message you receive is
signed with a different certificate than what you got from the
registry, you’ve got the proof of dishonesty. You submit that ‘wrong’
certificate to the registry. It will publish it so the whole world
will know that the site has been dishonst. That wrong certificate is
the one that the other party will detect in step 4 or 6.

By publishing your certificate in the global registry, it allows
everyone to lookup your certificate. There is no way the dating site
and FPCA can impersonate you without you or your communication partners
from detecting it quickly.

We can improve on it a bit more. As the registry learns all the
certificates, it is in a position to tell whether a site has issued
multiple certificates for a single nickname. If so, it can proactivly
tell the world that a site is dishonest. Imagine a step zero in the above
list:

o. Check the registry for the current ‘honesty-status’ for site. If
bad, don’t sign up, spend your money elsewhere.

That would be a good deterrent for a site being dishonest.

Of course, we can’t vouch for any one of the daters on the site. Some
could be criminals trying to cheat you out of your money. We don’t have
a protocol against that. Common sense and a friend to shadow you when
you agree to meet in real life can help here.