
Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication

On 02/24/16 00:22, Allen wrote:
>> Secondly, with the requirement that nickname@xxxxxxxxxxxx be unique,
>> I could write that nickname on a business card and hand it out. People
>> could verify at a verification service that there is only one
>> certificate (and public key) for that name and be sure to have gotten
>> *my* public key. From that point, they can send encrypted messages to me.
> That's not a service that I would use myself.  If I wanted people to be
> able to get my public key from a business card, I would print the key
> itself on my card using a QR code.  The other stuff you listed also doesn't
> have much interest to me personally, but I can't speak for anyone else.

Granted, it's secure to print a fingerprint on a business card but it's
not so user-friendly. And as studies[1] have shown, most 'normal' people
won't be as judicious with fingerprint validation as the
security-minded. And I believe both groups deserve the same strength in
security.

Would you use this service if all you'd have to do is type in the user's
nickname@site and your computer would validate if there is only one
certificate attached to that name? If so, you can be sure that only the
intended recipient can decrypt it. If the computer would find multiple
certificates - or none at all - it would give an error and not allow
communication because it couldn't determine the correct public key to use.

Or what about being able to scribble a nickname@site address on the back
of a beer coaster in a bar?

My drive is to make key exchange happen as a natural part of normal
interactions between people. Not as a separate step that could be
neglected, forgotten or done wrong.

Regards, Guido Witmond.

1a: Why Johnny can't encrypt.
1b: Engineering Security, by Peter Gutmann.
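
The check described in this message, as an added example that is not part of the original post or of the Eccentric Authentication project: a client looks up the certificates recorded under a nickname@site and refuses to proceed unless exactly one is found. The record format, the function names and the sample names are assumptions constructed for illustration.

```python
import hashlib


class KeyLookupError(Exception):
    """Raised when no single certificate can be determined for a name."""


def fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 over the certificate bytes, used to tell certificates apart."""
    return hashlib.sha256(cert_bytes).hexdigest()


def resolve_certificate(name: str, records: list[tuple[str, bytes]]) -> bytes:
    """Return the one certificate bound to `name`, or raise (fail closed).

    `records` stands in for what a verification service would return:
    (name, certificate bytes) pairs. That format is an assumption here.
    """
    if name.count("@") != 1 or name.startswith("@") or name.endswith("@"):
        raise KeyLookupError(f"not a nickname@site address: {name!r}")
    # Exact match on the name. The same certificate listed twice counts
    # once (a choice of this example); two different ones are a conflict.
    distinct = {fingerprint(c): c for n, c in records if n == name}
    if not distinct:
        raise KeyLookupError(f"no certificate found for {name}")
    if len(distinct) > 1:
        raise KeyLookupError(f"{len(distinct)} different certificates for {name}")
    return next(iter(distinct.values()))


# Constructed sample data: alice is listed twice with the same certificate,
# bob has two different certificates, carol has none.
SAMPLE_RECORDS = [
    ("alice@example.org", b"constructed-cert-A"),
    ("alice@example.org", b"constructed-cert-A"),
    ("bob@example.org", b"constructed-cert-B1"),
    ("bob@example.org", b"constructed-cert-B2"),
]


def can_send_to(name: str, records=SAMPLE_RECORDS) -> bool:
    """True only when exactly one certificate can be determined for `name`."""
    try:
        resolve_certificate(name, records)
        return True
    except KeyLookupError:
        return False


if __name__ == "__main__":
    for who in ("alice@example.org", "bob@example.org", "carol@example.org"):
        print(who, "->", "ok" if can_send_to(who) else "refused")
```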
