this post was submitted on 15 Jul 2026
71 points (94.9% liked)

Technology

86387 readers
4384 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] scratchee@feddit.uk 1 points 13 hours ago (1 children)

The user would be unable to use E2EE as soon as the key is swapped, so the only real issue here is impersonation.

If an admin mitms all the messages then they can re-encrypt using the users original/real public key, leaving the user unaware that they have been hacked and able to use encryption as normal, or am I missing something?

[โ€“] Barbarian@sh.itjust.works 1 points 11 hours ago* (last edited 11 hours ago)

That would rely on the contact of that user using the admin's public key. In most systems I've seen that'd result in a big flashing warning that the user's key has been changed. So, dangerous for people contacting you for the first time, much more obvious if the 2 users have been talking before that point.

Other people have raised the much more interesting and potentially dangerous point that it's very difficult in this context to make sure that a particular public key corresponds with a particular user. I'm way more used to sysadmin style issues where you have a small number of known keypairs, while in this context it's a large number of mostly unknown keypairs, so you need some way of confirming that. I'm starting to understand why this is a much thornier issue than it appears on the surface.