WHY to communicate out-of-band
You as the user can better assess the degree of privacy a message of yours
requires and who potential adversaries are. When using Private Message, it is
assumed that an adversary possibly or even likely eavesdrops on your Internet
communications such as e-mail, www, chat, etc.
But because Internet communication is still the most convenient medium to
communicate, you elect to use it all the same and protect yourself with
Each such technology, however requires at least an initial establishment of
mutual trust between you and your recipient counterparts. This time, you must
take the extra effort to communicate with them in a way that you are not or
at least to your least imaginable degree intercepted by the adversary.
HOW to communicate out-of-band
How to communicate PUBLIC KEY FINGER-PRINTS out-of-band
If you use personal public keys of yourself and/or the recipients, you must
ensure that you REALLY use theirs and not some public key of an adversary
that got to you by a so-called "man-in-the-middle" attack where
the adversary replaced your counter-parts' key in transit when your
counter-part tried to
send it to you. Or an adversary could spoof your counter-part during that
key exchange altogether.
Public key encryption systems provide a fingerprint function that makes it
feasible to compare even long public keys efficiently for example over the
phone. Pre-condition for this to succeed again is that your public key system
on your own hard-disk is genuine and correct and no adversary has put a secret
trap-door into it that will allow the attacker to (i) replace keys after their
integrity has been verified
with the out-of-band approach described here or to (ii) copy the private
messages as they are exchanged in an unnoticed way.
The good news in this type of systems is that you need not to worry
if the adversary listens in on that conversation - public keys are public
and they can learn that finger-print without being able to cause harm.
See "Validating other keys on your public keyring" for further
information on this!
HOW to communicate MESSAGE UNLOCK CODES out-of-band
In this case, you want all you want for finger-prints as just described,
but on top of that it is important that the adversary not even learns
what your Message Unlock Code is.
The good news in this type of private message exchanges is that you need
not worry about where to get a good encryption system and how to operate it.
As long as your web browser and its root certificates are untampered, you
ought to be fine.
Rules of thumb on choosing good out-of-band channels (for both)
As long as there are no good revocation mechanisms, even if you successfully
verified the integrity of your counterpart's public "out-of-band"
as explained above, it makes sense to verify it again after some time because
your counterpart in the mean-time have might have his or her key lost, stolen
or otherwise compromised.
CRLs and OCSP are efforts to spare you
in the future, but for now, there isn't really a way around it.
- do not use an Internet based-channel (e-mail, www,
- use a channel operated by a different provider: If
your ISP is also your phone fixed net
provider, perhaps your cell-phone is operated by someone else? If so, a call
via cell phone or an SMS may
be the channel of your choice.
- use different terminals: If your fax line is not
operated by your
ISP, but your recipient uses a fax-to-email conversion service and faxes
are received digitally on the very same computer again, the purpose of
out-of-band is defeated again...
- hand over in person: this approach is a lot better,
but quite an effort
and only makes sense for finger-prints. Because Message Unlock Codes
are exchanged each time a message is exchanged, you preferably
exchange the message itself (on a floppy disk/CD you burned/etc.) if it is
feasible to meet in person or have a reliable and timely messenger.
- Pigeons: In former times, pigeons were used for such
Yes, most people will never in their life have any, but you get the point
to choose a channel that is costly for an adversary to
alter. Be creative in the way to get these short and easy
messages securely to your counter-part.
- use different message transportation infrastructure:
that cell phones go over the air while fixed net phones use wires. Right
next to your phones this is obviously true, but most cell phone calls
make the long distance over wire as well. Possibly not even wires owned
and operated by themselves. But still, hopefully, your cell operator uses
a virtual private networks at least until their gateways to the recipients
provider. Even if they don't, by choosing a cell phone channel you have
most likely added a degree of complexity in the attack that needs to be
mounted against you. But sure, staying with the air versus wire example,
using walkie-talkies or true long-distance radio is better than cell