[147263] in cryptography@c2.net mail archive
Re: [Cryptography] Specification: Prism Proof Email
daemon@ATHENA.MIT.EDU (Bill Frantz)
Sun Sep 22 13:42:05 2013
X-Original-To: cryptography@metzdowd.com
Date: Sat, 21 Sep 2013 16:20:10 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <CAMm+LwgzbMiZfGf-vBqdCYcOZ0AaMYu5S3BFx3U3-d_rPts25Q@mail.gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 9/20/13 at 11:59 AM, hallam@gmail.com (Phillip Hallam-Baker) wrote:
>As someone who has seen the documents said to me this week, given a choice
>between A and B, the NSA does both. We have to do the same. Rather than
>have a pointless argument about whether Web 'o Trust or PKIX is the way to
>go, let everyone do both. Let people get a certificate from a CA and then
>get it endorsed by their peers: belt and braces.
This approach certainly meets my requirements. As a UI
designer/user I want it to JFW (Just ... Work) invisibly under
the covers. As a borderline paranoid, I want an indicator of
which methods passed. :-)
Let's add to the list of methods the SSH method of, "The same
key used the last time".
I assume users of the CA method would register with the CA in
some manner which would probably cost money. (How the CA
separates me from Bill Frantz, the professional photographer in
Illinois, is not going to be cheap.) I understand there is still
a trademark dispute between the US beer Budweiser and the German
beer of the same name.
In the WoT case, having your key fingerprint written on a QR
code is a neat hack. Put it on the back of your business card[1].
I think CAs will be most useful for businesses while WoT will be
most useful for individuals. Everyone will be more comfortable
when the SSH test passes.
Cheers - Bill
[1] Back in days of yore, I needed to send some company private
data to my home computer. I didn't have the fingerprint of my
key at work, but I did have Carl Ellison's business card with
the fingerprint of his key. He had signed my key which was
available on a key server, so I had good enough reason to trust
that the key was actually mine.
-----------------------------------------------------------------------
Bill Frantz | Since the IBM Selectric, keyboards have gotten
408-356-8506 | steadily worse. Now we have touchscreen keyboards.
www.pwpconsult.com | Can we make something even worse?
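Added example, not part of the message above or of the thread: a Python sketch of reporting the three checks discussed (CA, Web of Trust endorsement, and the SSH-style "same key used the last time") independently, so the user sees which methods passed. The class, function and identifier names are hypothetical, and CA and endorser signatures are assumed to have been cryptographically verified already; only the policy decision is modeled.

```python
import hashlib

def fingerprint(key_bytes: bytes) -> str:
    """Hex SHA-256 of the raw public-key bytes."""
    return hashlib.sha256(key_bytes).hexdigest()

class KeyChecker:
    """Hypothetical policy layer; signature verification is assumed done upstream."""

    def __init__(self, trusted_cas, trusted_peers):
        self.trusted_cas = set(trusted_cas)      # CA identifiers we accept
        self.trusted_peers = set(trusted_peers)  # peers whose keys we verified ourselves
        self.pins = {}                           # address -> fingerprint seen last time

    def check(self, address, key_bytes, ca_issuer=None, endorsers=()):
        """Per-method result: True = passed, False = failed, None = no evidence."""
        fp = fingerprint(key_bytes)
        result = {
            "ca": None if ca_issuer is None else ca_issuer in self.trusted_cas,
            "wot": None if not endorsers else bool(self.trusted_peers & set(endorsers)),
            "continuity": None if address not in self.pins else self.pins[address] == fp,
        }
        # Pin on first sight only. A mismatch never overwrites the pin silently;
        # replacing it should be an explicit user decision.
        self.pins.setdefault(address, fp)
        return result

def indicator(result):
    """Render the per-method outcome for display next to the message."""
    label = {True: "pass", False: "FAIL", None: "n/a"}
    return " ".join(f"{method}:{label[value]}" for method, value in result.items())

if __name__ == "__main__":
    # Constructed sample data: identifiers and key bytes are placeholders.
    checker = KeyChecker(trusted_cas={"example-ca"}, trusted_peers={"peer-fp-1"})
    addr = "user@example.org"
    print(indicator(checker.check(addr, b"key-A", "example-ca", ["peer-fp-1"])))
    print(indicator(checker.check(addr, b"key-A")))
    # Key changed, but a trusted CA vouches for the new one: CA passes, continuity fails.
    print(indicator(checker.check(addr, b"key-B", "example-ca")))
```

Keeping the three results separate means a CA-vouched replacement key still shows up as a continuity failure instead of being masked by the passing check.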