On Sun, Oct 5, 2014 at 2:01 PM, D. J. Bernstein <[email protected]> wrote:
> Am I the only one who's bothered by all the effort to build naming/PKI
> systems that put, e.g., VeriSign and Google and anyone who compromises
> them in control of all communications between Alice and Bob?

If you're referring to centralized or provider-based key directories, I see those as more about "opportunistic encryption". Users could still opt for end-to-end authentication (enabling TOFU warnings, checking fingerprints, registering with transparency monitors, etc).

> What I'd like from a naming system is something better, namely maximum
> security. This concept is explained in, e.g.,
>
> https://groups.google.com/forum/#!original/talk.politics.crypto/bC-4Kt3nUVM/AIOgqVlWoCoJ

Nice, I hadn't seen such a clear early statement of the "passing keys alongside names" argument (since then: SFS [1], YURLs [2], S-Links [3], DNSCurve [4], Tor Hidden Services, etc).

Making it easy for people to pass public keys or fingerprints is a challenge. We could try to optimize text representations, use QR codes or NFC, use Namecoin-like names, and so on. GNS looks like another alternative.

> The reason I'm writing now is that I
> think most people here haven't yet heard of the GNU Name System, a
> _usable_ maximum-security decentralized naming system:
>
> https://gnunet.org/sites/default/files/paper_cans2014_camera_ready.pdf

So GNS allows you to assign keys "petnames" scoped under your key - roughly you sign the other key and its petname with your key. Then you lightly encrypt it ("query privacy") and publish it to a DHT, using a symmetric key based on your public key and the petname itself.

So you can tell someone Alice's key by telling them your name for it ("carol"). If they know your public key, they can use it to look up your "carol".

Comments:

 * "Scoped" names seem sort of confusing and less useful than global names. I.e. "carol" isn't the global name of Alice's key, it's only my name for Alice's key, so it's only useful if you already know my key and understand this concept.

 * "Query privacy" doesn't seem enough to prevent harvesting a lot of the social graph. I.e. if you know my public key and are willing to do thousands of DHT lookups, you'll probably find a lot of my petnames. And if there's no DHT, storing all the entries in one place will enable offline cracking.

Trevor

[1] http://en.wikipedia.org/wiki/Self-certifying_File_System
[2] http://www.waterken.com/dev/YURL/Definition/
[3] http://www.secure-links.org/
[4] http://dnscurve.org/
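The publish/resolve flow sketched in the message above, as an added toy model written for this page; it is not code from the thread or from GNUnet, and its record layout, key derivation (SHA-256 over owner key and petname), AES-GCM encryption and the names `Publish`, `Resolve` and `zoneKeys` are all assumptions made for illustration rather than GNS's real construction.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Constructed toy model (not GNUnet's format): the zone owner signs
// (petname, target key), encrypts the signed record under a key derived
// from the owner's public key and the petname, and stores it in a DHT
// under a lookup key derived the same way.

// zoneKeys derives the record key and the DHT key. Both are deterministic:
// anyone holding the owner's public key and a petname guess recomputes them.
func zoneKeys(ownerPub ed25519.PublicKey, petname string) (symKey [32]byte, dhtKey string) {
	h := sha256.New()
	h.Write([]byte("toy-gns-record-key|"))
	h.Write(ownerPub)
	h.Write([]byte(petname))
	copy(symKey[:], h.Sum(nil))
	d := sha256.Sum256(append([]byte("toy-gns-dht-key|"), symKey[:]...))
	return symKey, hex.EncodeToString(d[:])
}

// encodeRecord: 1-byte petname length || petname || 32-byte target key.
func encodeRecord(petname string, targetPub ed25519.PublicKey) []byte {
	out := []byte{byte(len(petname))}
	out = append(out, petname...)
	return append(out, targetPub...)
}

func newGCM(symKey [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(symKey[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Publish signs (petname, targetPub) with the owner's key, encrypts
// record||signature, and returns the DHT key plus the blob to store there.
func Publish(ownerPriv ed25519.PrivateKey, petname string, targetPub ed25519.PublicKey) (string, []byte, error) {
	if len(petname) == 0 || len(petname) > 255 || len(targetPub) != ed25519.PublicKeySize {
		return "", nil, errors.New("petname must be 1..255 bytes and target key 32 bytes")
	}
	ownerPub := ownerPriv.Public().(ed25519.PublicKey)
	record := encodeRecord(petname, targetPub)
	plaintext := append(record, ed25519.Sign(ownerPriv, record)...)
	symKey, dhtKey := zoneKeys(ownerPub, petname)
	gcm, err := newGCM(symKey)
	if err != nil {
		return "", nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", nil, err
	}
	// Blob = nonce || AES-GCM(record || signature); the DHT key is bound in as
	// associated data so a blob cannot be re-filed under a different slot.
	return dhtKey, append(nonce, gcm.Seal(nil, nonce, plaintext, []byte(dhtKey))...), nil
}

// Resolve fetches ownerPub's record for petname, decrypts it, verifies the
// owner's signature and returns the target public key.
func Resolve(dht map[string][]byte, ownerPub ed25519.PublicKey, petname string) (ed25519.PublicKey, error) {
	symKey, dhtKey := zoneKeys(ownerPub, petname)
	blob, ok := dht[dhtKey]
	if !ok {
		return nil, errors.New("no record for this key/petname")
	}
	gcm, err := newGCM(symKey)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("bad cipher or blob too short")
	}
	plaintext, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(dhtKey))
	if err != nil || len(plaintext) < 1 {
		return nil, errors.New("decryption failed: wrong key or tampered record")
	}
	recLen := 1 + int(plaintext[0]) + ed25519.PublicKeySize
	if len(plaintext) != recLen+ed25519.SignatureSize {
		return nil, errors.New("malformed record")
	}
	record, sig := plaintext[:recLen], plaintext[recLen:]
	if !ed25519.Verify(ownerPub, record, sig) {
		return nil, errors.New("signature does not verify under owner key")
	}
	if string(record[1:recLen-ed25519.PublicKeySize]) != petname {
		return nil, errors.New("record petname mismatch")
	}
	return ed25519.PublicKey(record[recLen-ed25519.PublicKeySize:]), nil
}

func main() {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, _, _ := ed25519.GenerateKey(rand.Reader) // constructed "Alice" key
	dht := map[string][]byte{}
	key, blob, err := Publish(ownerPriv, "carol", alicePub)
	if err != nil {
		panic(err)
	}
	dht[key] = blob
	got, err := Resolve(dht, ownerPub, "carol")
	fmt.Printf("carol -> %x match=%v err=%v\n", got, got.Equal(alicePub), err)
}
```

Two properties of the message's two comments are visible directly in the code: `Resolve` cannot start without the owner's public key, which is why "carol" only means something to someone who already holds that key, and `zoneKeys` is a pure function of that public key and the petname, so the DHT slot for any guessed petname follows from the public key alone; the encryption protects the record contents, not the fact that a record exists at a slot that can be recomputed.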
