[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication

On 02/25/16 11:57, me@xxxxxxxxxxxx wrote:
> A magic wand is a solution. :-)

Luckily, any sufficiently advanced technology is indistinguishable from
magic, so to my audience - the normal user - it looks like that :-)

> Though I don't understand your protocol, I don't like id@site names.
> That site belongs to a corporation, so I depend on a corporation which I
> can't control. 

There is good news, anyone can run this protocol on any domain. It's not
limited to companies. In fact, running it on your own domain gives you
the security that no one can be messing with it.

> There is a more fundamental problem with human readable
> names. There is competition for nice names like "sex" or "casino", for
> example, in the domain of domain names. This competition is resolved
> with auctions. So a human readable name is paid, and its owner depends
> on the registrar.

Everything has a price. Only sunlight is free, after paying the
rent/hotel/wood for the fire under the bridge to survive the night. :-)

Seriously, the requirement is that each sitename is unique and can't be
abused by others than the owner. That way, each user@sitename is unique.
And that's to make the one-to-one relationship between names and keys.

There might be stronger systems than the current DNS registrars. A
sitename in a Namecoin system springs to mind. The issue is that it's
used by a very small group.

But take it from me, I'm in favour of stronger naming systems than DNS.
It's quite brittle in respect to coercion.

Public key fingerprints are a solution to both problems.

Except that people won't check these things. You do, but I want a system
that works for people who don't/can't verify those.

Cheers, Guido.

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to