ianG <i...@iang.org> writes: > On 11/07/2014 11:27 am, James A. Donald wrote: >> On 2014-07-11 07:45, Kevin wrote: >>> On 7/10/2014 4:39 PM, John Young wrote: >>>> https://blog.silentcircle.com/why-are-we-competing-with-phone-makers-skype-and-telecom-carriers-all-in-the-same-week/
>> With silent circle, when Ann talks to Bob, does Ann get Bob's public key
>> from silent circle, and Bob get Ann's public key from silent circle.
>> If they do it that way, silent circle is a single point of failure which
>> can, and probably will, be co-opted by governments.
>> If they don't do it that way, how do they do it.
>> Obviously we need a hash chain that guarantees that Ann sees the same
>> public key for Ann as Bob sees for Ann.
>> Does silent circle do that?
> While I'm interested in how they're doing that, I'm far more interested
> in how Ann convinces Bob that she is Ann, and Bob convinces Ann that he
> is Bob. We left the OpenPGP/cert building a long time ago, we need more
> than just 1980s PKI ideas with elegant proofs.
Note there's a philosophical issue here. A very good actress could
convince Bob that she's Ann no matter how high the bandwidth of their
communication, such as intimate body contact.
The only individual in the universe who is qualified to authoritatively
deny the actress' claim is Ann. To convince Bob, she needs something
the actress cannot have, such as the password to her encryption key.
--
-- StealthMonger
Long, random latency is part of the price of Internet anonymity.
Key: mailto:stealthsuite nym.mixmin.net?subject=send%20stealthmonger-key
pgpO65XFNlHIm.pgp
Description: PGP signature
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
