Anonymous Private Messaging

We’ve left out one technical part of certificates. A certificate contains
only the public key; the matching private key stays in the browser and
never leaves it. As long as the browser keeps that private key private,
the security properties below hold. If the private key leaks, whoever
holds it can read messages meant for its owner and sign messages in the
owner’s name, and the security is broken. For now we assume the browser
won’t leak the keys. Later on we will show how we can get browsers that
are leak-proof.

With all these keys we can do more than just log in at a site.

We can do two more things:

  1. We can encrypt a message so that only the intended recipient can
    decrypt and read it.

  2. We can put an electronic signature on a message so that recipients
    can verify that it came from us.

This makes the keys very useful for our dating site. Suppose I spot an
interesting profile and I want to contact her. I ask the site for her
certificate. The public key in it lets me encrypt my message so that only
she can read it. I use my private key to place my electronic signature on
the message and hand it to the dating site for delivery. When she logs
in, the site hands her the message. Her browser decrypts it with her
private key and she can read what I wrote.

Private messaging

When she gets the message, she asks the site for my certificate. With
the public key in it, she verifies my signature on the message. A valid
signature proves two things: that the message was written by the holder
of the private key belonging to that certificate, and that nobody
altered it on the way.

If she likes what I wrote, she uses the public key in my certificate to
encrypt a message to me and signs it with her own private key. It’s the
private keys in the browsers and the public keys in the certificates
that make the exchange secure against disclosure and tampering.

Notice that even the dating site cannot read what she and I write to
each other. All that the dating site learns is which identity writes to
which other identity, and when. The message itself stays secret even
though the site is used to carry it from one to the other.

The fact that nobody learned who you are when you signed up makes it
possible to write securely to complete strangers.

Trust issues aplenty

However, there is still a big privacy risk. Our daters are at the
complete mercy of the dating site, because it also operates the CA
itself.

Abuse of trust by the FPCA and Site

The site could create a ‘shadow’ certificate for each dater: a
certificate carrying the right name but a public key whose private half
the site holds. Whenever a dater asks for the other party’s certificate,
the site hands out the shadow certificate instead of the real one. The
daters have no way to tell the difference; they have to trust the site
and the FPCA on this.

It’s because the site does both the issuing of certificates and the
delivery of messages that it ends up in this position of trust. A
message encrypted to a shadow certificate can be opened by the site,
read, replaced with something it finds more profitable, encrypted again
with the real recipient’s certificate and signed again with the sender’s
shadow key. Since the recipient also gets the sender’s certificate from
the site, and receives the shadow one, the forged signature verifies.
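The exchange described above and the shadow-certificate abuse of trust, as an added example that is not part of the original page. It uses Go’s standard library: RSA-OAEP for the encryption to the recipient and RSA-PSS for the sender’s signature. A plain name-plus-public-key struct stands in for the FPCA’s certificate (a simplification: no X.509 encoding and no CA signature, which is exactly why whoever hands out the struct decides which key you trust). The names alice and bob, the message texts and the ‘shadow-’ prefix are constructed for the example. The fingerprint comparison at the end is the check a register of certificates would make possible.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// Identity is what a dater's browser holds: a pseudonym and a private key that never leaves it.
type Identity struct {
	Name string
	Priv *rsa.PrivateKey
}

// Certificate stands in for the FPCA's certificate: a name bound to a public key (no X.509, no CA signature here).
type Certificate struct {
	Name string
	Pub  *rsa.PublicKey
}

// SealedMessage is what the site carries: ciphertext plus the sender's signature over the plaintext.
type SealedMessage struct {
	Ciphertext []byte
	Signature  []byte
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewIdentity(name string) Identity {
	return Identity{Name: name, Priv: must(rsa.GenerateKey(rand.Reader, 2048))}
}

func (id Identity) Cert() Certificate { return Certificate{Name: id.Name, Pub: &id.Priv.PublicKey} }

// Fingerprint is SHA-256 over the DER-encoded public key: what a register would publish so daters can compare.
func Fingerprint(c Certificate) string {
	sum := sha256.Sum256(must(x509.MarshalPKIXPublicKey(c.Pub)))
	return hex.EncodeToString(sum[:])
}

// Seal signs the plaintext with the sender's key (RSA-PSS) and encrypts it to the key in the
// certificate the sender was given for the recipient (RSA-OAEP, so plaintext must stay under 190 bytes).
func Seal(sender Identity, recipient Certificate, plaintext []byte) SealedMessage {
	digest := sha256.Sum256(plaintext)
	sig := must(rsa.SignPSS(rand.Reader, sender.Priv, crypto.SHA256, digest[:], nil))
	ct := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient.Pub, plaintext, nil))
	return SealedMessage{Ciphertext: ct, Signature: sig}
}

// Open decrypts with the recipient's private key and verifies the signature against the
// certificate the recipient was given for the sender; a mismatch is an error, not a message.
func Open(recipient Identity, sender Certificate, msg SealedMessage) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, recipient.Priv, msg.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(pt)
	if err := rsa.VerifyPSS(sender.Pub, crypto.SHA256, digest[:], msg.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature does not verify against the certificate for %s", sender.Name)
	}
	return pt, nil
}

// ShadowResult is what each party ends up with when the site, which also runs the CA,
// hands out shadow certificates whose private keys it holds.
type ShadowResult struct {
	SiteRead           string // plaintext the site recovered with its shadow private key
	BobReceived        string // text Bob decrypted and whose signature he accepted
	RejectedByRealCert bool   // whether Bob would have rejected it given Alice's real certificate
	FingerprintsMatch  bool   // whether the certificate Bob got for Alice matches her real one
}

func ShadowExchange(alice, bob Identity, text, replacement string) ShadowResult {
	shadowBob, shadowAlice := NewIdentity("shadow-"+bob.Name), NewIdentity("shadow-"+alice.Name)
	sealed := Seal(alice, shadowBob.Cert(), []byte(text))          // Alice was handed the shadow cert
	intercepted := must(Open(shadowBob, alice.Cert(), sealed))     // so the site reads her words
	resealed := Seal(shadowAlice, bob.Cert(), []byte(replacement)) // and re-seals its own text to Bob
	received := must(Open(bob, shadowAlice.Cert(), resealed))      // Bob was handed shadow Alice's cert
	_, realErr := Open(bob, alice.Cert(), resealed)                // Alice's real cert would expose it
	return ShadowResult{
		SiteRead:           string(intercepted),
		BobReceived:        string(received),
		RejectedByRealCert: realErr != nil,
		FingerprintsMatch:  Fingerprint(shadowAlice.Cert()) == Fingerprint(alice.Cert()),
	}
}

func main() {
	alice, bob := NewIdentity("alice"), NewIdentity("bob")
	pt := must(Open(bob, alice.Cert(), Seal(alice, bob.Cert(), []byte("Hi, I liked your profile.")))) // honest delivery
	r := ShadowExchange(alice, bob, "Hi, I liked your profile.", "Upgrade to premium to reply.")
	fmt.Printf("honest: Bob reads %q\nshadow: site read %q, Bob accepted %q, fingerprints match: %v\n", pt, r.SiteRead, r.BobReceived, r.FingerprintsMatch)
}
```

In the honest run Bob reads Alice’s words. In the shadow run the site reads them, Bob accepts the site’s replacement because the signature verifies against the shadow certificate he was handed, and the forgery is only caught when Bob verifies against Alice’s real certificate or compares fingerprints with a source the site does not control.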

One solution is to create a global register of all certificates. It
allows every party to verify that the certificate they received matches
what everyone else has seen, which forces the FPCA to be honest. That
will be described in the next section: 4. “Global Registry of
(Dis)honesty”.

Another solution is to create an independent message channel, so that
the site cannot even see who is writing to whom. That will be part of
section 5. “Independent message channels”.