On 02/24/16 23:26, juan wrote: > On Wed, 24 Feb 2016 23:04:39 +0100 > Guido Witmond <guido@xxxxxxxxxx> wrote: > >> My drive is to make key exchange happen as a natural part of normal >> interactions between people. > > So teach people how to exchange keys. Teaching is not a solution. See Peter Gutmann's book Security Engineering. 800+ Pages of disasters with security. Depressing and enlightening ;-) >> Not as a separate step that could be >> neglected, forgotten or done wrong. > > Ah you want key exchange without key exchange? That is, of > course, absurd. I don't want *people* to exchange keys. I envision people to exchange names and let computers do the key lookup. For example, I get the id@site name from a nice lady I met at a bar. It's just like an email address but slightly different. At home, I type in that address and my computer searches the validation service for the key. If all is well, there is *one* public key. That must be the key of the lady. If there is none, she may have given me a wrong address, or I may have made a typo. In these cases, it's like she gave a wrong telephone number. If there is one public key, it must be hers as her computer checks for duplicates to protect her privacy. Or it's the name of some stranger, and after an embarrassing moment, I understand I can't reach her until we meet again in person. If there are duplicates, she must find another site as it violated the protocol. She would do so as she won't get any responses from the people whom she gave her correct address. Those people would reject the duplicates and move on. (That's the protocol requirement.) If she gave the correct id@site and there is only one public key, I can send her encrypted messages that only she can decrypt. Now we can talk in private. And when we use Tor, we hardly leave any meta data. So the exchange of a human readable name - the id@site - implies that I can deduce the correct public key. The one-to-one relationship between names and keys makes it easy for humans to excahnge a name and for the computer to figure out the correct public key. So, to answer your question: people communicate id@site names, the computer verifies the uniqness properties to determine the corresponding public keys. The requirement to make the relation between names and public keys is key. Pun intended. I hope this answers your question. Regards, Guido Witmond.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk