Comments on "trustless keyserver" #1
Description
Someone pointed me to https://github.com/mutecomm/mute/blob/master/doc/keyexchangeproblem.md I took my liberty to write this drive-by review; hope you don't mind. :)
- "key exchange" is already common terminology for a different concept (derive session shared keys from identity keys, assumed already known and valid for each member). Please choose a different name. "the key validity problem" or "the PKI problem" would be more appropriate
- have you heard of https://www.certificate-transparency.org/ ? their log has cryptographic properties that mean clients don't have to store the whole hash chain; they can store O(logn) of the tree and still be able to compare consistency with other clients. In fact, last I checked they still need to implement a gossip protocol between clients; you guys should work together.
- it would be good to actually quantify the security provided by the gossip protocol. Neither CT nor you guys do that, you just hand-wave and say "attacks will be detected by clients talking to each other". Yes probably this will be true, but how probably?