Let’s Attest! Multi-modal Certificate Exchange for the Web of Trust

On the Internet, trust is difficult to obtain. With the rise of the possibility of obtaining gratis x509 certificates in an automated fashion, the use of TLS for establishing secure connections has significantly increased. However, other use cases, such as end-to-end encrypted messaging, do not yet have an easy method of managing trust in the public keys. This is particularly true for personal communication where two people want to securely exchange messages. While centralised solutions, such as Signal, exist, decentralised and federated protocols lack a way of conveniently and securely exchanging personal certificates.This paper presents a protocol and an implementation for certifying OpenPGP certificates. By offering multiple means of data transport protocols, it achieves robust and resilient certificate exchange between an attestee, the party whose key certificate is to be certified, and an attestor, the party who will express trust in the certificate once seen. The data can be transferred either via the Internet or via proximity-based technologies, i.e. Bluetooth or link-local networking. The former presents a challenge when the parties interested in exchanging certificates are not physically close, because an attacker may tamper with the connection. Our evaluation shows that a passive attacker learns nothing except the publicly visible metadata, e.g. the timings of the transfer while an active attacker can either have success with a very low probability or be detected by the user.