From Guardian Project Wiki

Revision as of 19:03, 1 November 2011 (view source) Hans (Talk | contribs) m ← Older edit		Revision as of 19:28, 1 November 2011 (view source) Hans (Talk | contribs) Newer edit →
Line 49:		Line 49:
	= Outstanding Questions =		= Outstanding Questions =
-	* tracking connections to PGP servers as suspicious activity (HTTPS?)	+	* tracking connections to PGP servers as suspicious activity
		+	** HTTPS to prevent snooping of data
		+	** Tor to prevent tracking of notable IPs

---

Revision as of 19:28, 1 November 2011

Contents 1 User Stories 1.1 The Small Cabal 1.2 Diffuse Activist Organization 1.3 Multinational Org 2 Outstanding Questions

User Stories

The Small Cabal

There is a small group of people that needs to communicate as securely and anonymously as possible. They all meet up in person. They generate keys, and individually sign each person's key and get that person's signature on their own key. These are local-only unexportable signatures. No one uploads their keys to any other server or device. They each generate a revokation certificate and hook it up to their panic button app. Once the panic button is hit, the phone broadcasts the revokation certificate to the pre-determined list of people.

Diffuse Activist Organization

• working in a country that aggressively tracks communications
• many people meet in person at various places around the country
• some people also travel to regional and national meetups
• very few participants meet everyone in the organization
• the central forum for the whole group is on the internet
• lots of big group discussions and announcements

• each person has a key, they post it to the PGP keyservers
• they generate a revokation cert
• they do not post any signatures to the key servers
• whenever they meet another person that they trust, they sign each others' keys and swap all signature data using direct p2p communication

• they establish the first step of trust via OTR question/answer
• they can then check whether they have PGP trust path to each others' keys

• when they hit the panic button the post the revokation certificate to the keyserver
• each client automatically checks the public keyservers regularly for revokations

Multinational Org

• many people work in countries where the gov't does not aggresively monitor communications
• a handful of people work in high risk environments from time to time
• there are also local contacts in aggressively monitored countries working with the org

• local operatives use only private signatures

• the public figures want to have a public trust profile
  • they use the public PGP infrastructure
  • they publically share all public signatures
  • private signatures are in lsign format, so they cannot be shared

• all signatures are always sent to the key owner via email
• signer can mark the signature as private or public
  • a private signature uses an "lsign" which cannot be exported to the keyservers
• the key owner can then decide how to manage the signatures
  • privately import the signature to their keyring, where it will be stored in an unexportable format
  • publically import the signature into their keyring and sync it via the public PGP servers

Outstanding Questions

• tracking connections to PGP servers as suspicious activity
  • HTTPS to prevent snooping of data
  • Tor to prevent tracking of notable IPs