[146976] in cryptography@c2.net mail archive


Re: [Cryptography] Thoughts about keys

daemon@ATHENA.MIT.EDU (Guido Witmond)
Tue Sep 10 15:12:45 2013

X-Original-To: cryptography@metzdowd.com
Date: Tue, 10 Sep 2013 21:01:49 +0200
From: Guido Witmond <guido@witmond.nl>
To: Peter Fairbrother <zenadsl6186@zen.co.uk>
In-Reply-To: <522F520A.3080807@zen.co.uk>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On 09/10/13 19:08, Peter Fairbrother wrote:
> The only assurance given by the scheme is that if a person gave you
> a hash which he generated himself, and you match it with a string and
> that string matches what you know about the person (e.g. their name or
> photo), then no-one else can have MTM'd it.

So what you have is a scheme that allows people who meet *in real life*
to exchange keys. Why can't they just exchange an email address and
shared password? Or the fingerprint of a GPG-key, it's shorter and must
match the email address. Or hand out business cards with your public key
in a QR code.

If you meet in person, you've already eliminated all MitM attacks.



My scheme does the opposite. It allows *total strangers* to exchange
keys securely over the internet.

The scheme uses a common interest website where people write signed
messages. The site is the *introducer* of the strangers. The technical
design with DNSSEC and a Certificate Transparency service detects MitM
attacks by a hostile site. (It can't prevent them.)

*One* secure message is enough to create new channels. Once you have
exchanged the key with a stranger, you can create other secure channels.
Either direct messaging, chat, voice and video. You name it.

So far, the channels are only between two people. But once introduced
via a web site, people will exchange other people's identities between
friends, relatives, coworkers. Creating a web of connections, all
encrypted with the TLS version du jour.

The beauty: the names are readable, human friendly, easy to give out and
verify. The protocol does all the certificate validation.

Each web site that adopts this scheme works as an introducer. There is
no central point to attack. So if the feds would block one site, you
don't lose your already validated keys. You won't even lose the
connections to other people if you have already established an
independent message channel with most of them.

Regards, Guido Witmond.
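
The detection step described in the message above, as an added Python example that is not part of the original e-mail or of the author's software. It models only the transparency-log side (not DNSSEC); the log layout of (site, nickname, key fingerprint), the rule that a nickname is unique per site, the `*.example` names and all function names are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

def fingerprint(pubkey: bytes) -> str:
    """Short SHA-256 fingerprint of a public key (keys below are constructed)."""
    return hashlib.sha256(pubkey).hexdigest()[:16]

# Constructed transparency-log entries: (site, nickname, key fingerprint).
# Assumption: each nickname is unique per site and maps to exactly one key.
LOG = [
    ("forum.example", "alice", fingerprint(b"alice-key")),
    ("forum.example", "bob", fingerprint(b"bob-key")),
    ("forum.example", "bob", fingerprint(b"substituted-key")),  # second key, same name
    ("other.example", "bob", fingerprint(b"other-bob-key")),    # separate site, separate namespace
]

def index_log(log):
    """Map (site, nickname) -> set of fingerprints the log holds for it."""
    seen = defaultdict(set)
    for site, nick, fp in log:
        seen[(site, nick)].add(fp)
    return seen

def conflicts(log):
    """Names with more than one logged key: evidence that a key was substituted."""
    return sorted(name for name, fps in index_log(log).items() if len(fps) > 1)

def check_introduction(log, site, nick, presented_fp):
    """Classify a key that the introducer site presented for site/nick."""
    logged = index_log(log).get((site, nick), set())
    if presented_fp not in logged:
        return "unlogged"    # key was never published to the log
    if len(logged) > 1:
        return "conflict"    # the log shows several keys for one name
    return "consistent"      # exactly one logged key, and it matches

if __name__ == "__main__":
    for site, nick, key in [("forum.example", "alice", b"alice-key"),
                            ("forum.example", "bob", b"bob-key"),
                            ("forum.example", "alice", b"unknown-key")]:
        print(site, nick, check_introduction(LOG, site, nick, fingerprint(key)))
    print("conflicting names:", conflicts(LOG))
```

In this model the genuine key for `bob` is also reported as `conflict`: the log shows that a substitution happened, not which key is the real one, and only after both keys have been logged.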

