[147029] in cryptography@c2.net mail archive


Re: [Cryptography] Introducing strangers. Was: Thoughts about keys

daemon@ATHENA.MIT.EDU (Guido Witmond)
Wed Sep 11 13:37:48 2013

X-Original-To: cryptography@metzdowd.com
Date: Wed, 11 Sep 2013 19:32:04 +0200
From: Guido Witmond <guido@witmond.nl>
To: cryptography@metzdowd.com
In-Reply-To: <20130911084354.GM10405@leitl.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

On 09/11/13 10:43, Eugen Leitl wrote:
> On Tue, Sep 10, 2013 at 09:01:49PM +0200, Guido Witmond wrote:
>
>> My scheme does the opposite. It allows *total strangers* to
>> exchange keys securely over the internet.
>
> With a FOAF routing scheme with just 3 degrees of separation there
> are not that many strangers left.

How do you meet people outside your circle of friends?

How do you stay anonymous? With FOAF, you have a single identity for it
to work. I offer people many different identities. But all of them are
protected, and all communication encrypted.

That's what my protocol addresses. To introduce new people to one
another, securely. You might not know the person but you are sure that
your private message is encrypted and can only be read by that person.

Of course, as it's a stranger, you don't trust them with your secrets.

For example, to let people from this mailing list send encrypted mail to
each other, without worrying about the keys. The protocol has already
taken care of that. No fingerprint checking. No web of trust validation.


> If you add opportunistic encryption at a low transport layer, plus
> additional layers on top of you've protected the bulk of traffic.

I don't just want to encrypt the bulk, I want to encrypt everything, all
the time. It makes Tor traffic much more hidden.


There is more

The local CA (one for each website) signs both the server and client
certificates. The client only identifies itself to the server after it
has recognized the server certificate. This blocks phishing attempts to
web sites (only a small TOFU risk remains). And that can be mitigated
with a proper dose of Certificate Transparency.

Kind regards, Guido Witmond,


Please see the site for more details:
	http://eccentric-authentication.org/


