diff --git a/inbox/automatic-trust-transfer.xml b/inbox/automatic-trust-transfer.xml index 631394d7..8f1ced54 100644 --- a/inbox/automatic-trust-transfer.xml +++ b/inbox/automatic-trust-transfer.xml @@ -110,6 +110,28 @@ + +

+ The goal of key authentication is to create an end-to-end encrypted communication network exclusively of devices with authenticated keys. + As a result every communication channel between those devices is resistant against active attacks. +

+

+ The network of devices which authenticated each other's keys can be seen as a complete graph with each device as a node and each mutual authentication as an edge. + The number of edges grows for each new device by the number of existing nodes. + That means to sustain a secure communication across all devices, a new key has to be authenticated by all n existing devices and vice versa. +

+

+ One of those n mutual authentications requires user interaction like scanning each other's QR codes or comparing each other's key identifiers by hand. + That is the initial mutual manual authentication. + The remaining authentications can be automated relying on the secure channel established by the inital mutual manual authentication and the secure channels already created by the same procedure between the rest of the devices. +

+

+ For creating the described complete graph with n nodes, a total of T(n) = (n*(n-1))/2 ∊ O(n²) mutual authentications are needed. + When using ATT, only T(n) = n-1 ∊ O(n) of them have to be made manually. + All remaining authentications can be performed automatically. + Thus, less user interaction is needed for authenticating all keys involved in the secure communication while preserving the same security level. +

+

A trust message contains an XMPP URI (see &xep0147;) defined by the following scheme:
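Review bot: in the added paragraph beginning "For creating the described complete graph", the symbol T(n) is used for two different quantities: first as the total number of mutual authentications, T(n) = (n*(n-1))/2, and then as the manual count, "only T(n) = n-1"; suggest writing "only n-1 of them have to be made manually" (or a distinct symbol such as M(n)) so the notation stays consistent with the O(n²) versus O(n) comparison that follows. The paragraph on the initial mutual manual authentication misspells "inital" (should be "initial"). The closing claim that automating the remaining authentications preserves "the same security level" rests on two assumptions stated only implicitly by the surrounding lines: that the initial mutual manual authentication was performed correctly, and that every secure channel relied upon is keyed by keys that were themselves authenticated by this procedure; making both explicit in the text would strengthen the security argument.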