[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication



On 02/23/16 19:51, me@xxxxxxxxxxxx wrote:
> On 23.02.16 20:31, Guido Witmond wrote:
>> The answer is to let strangers - who never met before - exchange
>> public keys in a verifiable way.
> This very statement makes no sense to me. Verifying strangers?

Indeed, verifying strangers doesn't make sense.

But the moment that two strangers wish to communicate, things get
interesting.

When people meet in person, they immediately know whom the are talking
to: to person in front of them. Even if they don't know each others'
names. Most people would recognize the other when they meet again. We
use face, voice, posture, way of expression, hairstyle, clothing,
eyewear, etc to recognize each other.

This is very nice property to have in digital communication: *Being able
to recognize someone with whom you have communicated before.*

It would be easy create such a system if privacy was no concern: sign
every message using your government provided digital identity card.
Tyrannical governments love this.

The challenge is to have that recognition property *while remaining
anonymous.*

So, I envision that people who have never met online don't need to know
of one other.

But as they meet at a website, a mailing list, a dating site, a web
shop, a blog, a forum etc, they want to be able to recognize each other
and be able to send private messages that no one else, including the
site/forum operators can read.

Being private is something we take for granted in real life. We usually
know when other people can hear our conversations and when not. With
digital communications we need to encrypt the communications to protect
it against eavesdropping. That's the third property: *Protect against
eavesdropping.*

There is one more: In real life, it's very hard for someone to
impersonate someone who you have met before. Most people would treat the
impersonator as a different person from the one they remember.

That leads to a fourth property: *Identities must be hard to spoof.*

This combinations of properties is the goal:
- being able to recognise others;
- while remaining anonymous;
- be able to send private messages;
- and being able to detect MitM's.

And with Tor in the mix, we can prevent most meta data of whom is
communicating to whom, when and how long.

And that's what I want to achieve.

With regards, Guido Witmond.

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk