On 02/23/16 19:51, me@xxxxxxxxxxxx wrote: > On 23.02.16 20:31, Guido Witmond wrote: >> The answer is to let strangers - who never met before - exchange >> public keys in a verifiable way. > This very statement makes no sense to me. Verifying strangers? Indeed, verifying strangers doesn't make sense. But the moment that two strangers wish to communicate, things get interesting. When people meet in person, they immediately know whom the are talking to: to person in front of them. Even if they don't know each others' names. Most people would recognize the other when they meet again. We use face, voice, posture, way of expression, hairstyle, clothing, eyewear, etc to recognize each other. This is very nice property to have in digital communication: *Being able to recognize someone with whom you have communicated before.* It would be easy create such a system if privacy was no concern: sign every message using your government provided digital identity card. Tyrannical governments love this. The challenge is to have that recognition property *while remaining anonymous.* So, I envision that people who have never met online don't need to know of one other. But as they meet at a website, a mailing list, a dating site, a web shop, a blog, a forum etc, they want to be able to recognize each other and be able to send private messages that no one else, including the site/forum operators can read. Being private is something we take for granted in real life. We usually know when other people can hear our conversations and when not. With digital communications we need to encrypt the communications to protect it against eavesdropping. That's the third property: *Protect against eavesdropping.* There is one more: In real life, it's very hard for someone to impersonate someone who you have met before. Most people would treat the impersonator as a different person from the one they remember. That leads to a fourth property: *Identities must be hard to spoof.* This combinations of properties is the goal: - being able to recognise others; - while remaining anonymous; - be able to send private messages; - and being able to detect MitM's. And with Tor in the mix, we can prevent most meta data of whom is communicating to whom, when and how long. And that's what I want to achieve. With regards, Guido Witmond.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk