> In other words, your way of interpreting the question basically ignores the
> hard problem. Of course, if you ignore the hard problem, then it's "possible".

I agree with that: the hard problem is aliasing real-world identities with
cryptographic ones. I've found, and I expect you'll disagree with me, that
decomposing the problem into "aliasing" (very hard) and encrypting (easier)
helps clarify the security requirements of particular use cases.

I would also like to point out that the RPKI was specifically designed to
prevent aliasing between cryptographic and real-world organisational
identities:

"The subject name in each certificate SHOULD NOT be "meaningful", i.e., the
name is not intended to convey the identity of the subject to relying
parties."
https://tools.ietf.org/html/rfc6484#page-13

On Sun, Nov 29, 2015 at 7:15 PM, Ximin Luo <[email protected]> wrote:
> On 30/11/15 00:53, Ethan Heilman wrote:
>>> No, this is a common fallacy of "identity-based encryption".
>>
>> Correct me if I'm wrong, but my understanding is that IBE is slightly
>> weaker but more useful than the protocol I described because IBE
>> places some trust in the PKG. This trust allows IBE to directly
>> connect identities to cryptographic identities. If a fallacy exists it
>> is in the protocol I described but not in IBE.
>>
>
> Ah, terminology confusion here. I was using "IBE" in the colloquial sense of
> "the key is the identity", which is a not-so-uncommon (ab)use of that term.
>
> Yes, in academic literature "IBE" often refers to a system where a central
> PKG who holds a secret can bind identity<->key information subject to this
> secret, so that others may verify this subject to trusting the PKG.
>
> But note the original question was asking "is it possible to have a
> MITM-secure internet channel", no strings attached. To answer this question
> honestly, it's not appropriate to insert conditions in here of the form
> "subject to trusting the PKG". "Yes, but" means "no".
>
>>> No human user thinks in terms of contacting cryptographic identities. [..]
>>
>> I agree with what you argue here. I also agree that the system I
>> described does not work for most typical communication use cases, but
>> the question was:
>>> "if it can be possible, _at least theoretically_, to have a MITM-secure
>>> internet channel without the use of PKI".
>> The answer is both yes, it is theoretically possible, and yes, there are
>> atypical but real use cases.
>>
>> Am I correct in my understanding that .onion addresses work this way?
>>
>
> Yes, .onion addresses work in the same way that you described, but they also
> fall under what I was describing. And in fact, you can do this with *any*
> cryptography system today - in the UI, just display the certificate/key
> fingerprint instead of the URL/email-address/jabber-address, and there you go,
> you have a "MITM-secure internet channel", where the software doesn't
> directly pretend to the user that they're communicating with (something other
> than a cryptographic key).
>
> In other words, your way of interpreting the question basically ignores the
> hard problem. Of course, if you ignore the hard problem, then it's "possible".
>
> (To put it another way, "self-authenticating" is a joke. My GPG fingerprint
> is self-authenticating too. Just go talk to 0x1318efac5fbbdbce, it doesn't
> matter who that is in real life.... what? no takers?)
>
> X
>
> --
> GPG: 4096R/1318EFAC5FBBDBCE
> git://github.com/infinity0/pubkeys.git

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
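The "the address is the key" construction the thread keeps returning to (.onion addresses, or a client that shows a key fingerprint in place of a URL), as an added example that is not part of the thread or of any project's code. It implements the address format Tor specifies for v3 onion services (rend-spec-v3: base32 of public key, 2-byte SHA3-256 checksum and version byte 0x03), then performs the only check such a client can do: does the key the peer presents match the key the address commits to? A MITM substituting its own key fails that check with no CA, PKG or directory involved, which is the "possible" half of the argument; the code equally has no way to say *whose* key it is, which is the aliasing problem the message calls the hard part. The 32-byte keys are constructed test bytes rather than real Ed25519 public keys, and the example covers only the address-to-key binding, not the descriptor signature a real Tor client also verifies.

```python
"""Self-authenticating addresses: the address commits to the key.

Added example, not code from the mailing-list thread. Address layout
follows Tor rend-spec-v3:

    address  = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
    CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    VERSION  = 0x03

The "public keys" used in demo() are constructed 32-byte strings, not
real Ed25519 points; only the address<->key binding is exercised.
"""
import base64
import hashlib

ONION_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"
PUBKEY_LEN = 32
ADDRESS_BODY_LEN = 56  # 35 bytes of payload -> 56 base32 characters, no padding


def onion_checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum that ties the key bytes to the version byte."""
    h = hashlib.sha3_256()
    h.update(CHECKSUM_PREFIX + pubkey + ONION_VERSION)
    return h.digest()[:2]


def onion_address(pubkey: bytes) -> str:
    """Derive the v3 onion address for a 32-byte public key."""
    if len(pubkey) != PUBKEY_LEN:
        raise ValueError("v3 onion addresses bind a 32-byte Ed25519 public key")
    payload = pubkey + onion_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(payload).decode("ascii").lower() + ".onion"


def pubkey_from_address(address: str) -> bytes:
    """Parse an address back to the key it commits to.

    Checks length, base32 encoding, version and checksum; raises ValueError
    on anything malformed so a typo in an address is caught before use.
    """
    if not address.endswith(".onion"):
        raise ValueError("not an onion address")
    body = address[: -len(".onion")]
    if len(body) != ADDRESS_BODY_LEN:
        raise ValueError("v3 onion addresses are 56 base32 characters")
    try:
        payload = base64.b32decode(body.upper())
    except Exception as exc:
        raise ValueError("invalid base32 in onion address") from exc
    pubkey, checksum, version = payload[:32], payload[32:34], payload[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion address version")
    if checksum != onion_checksum(pubkey):
        raise ValueError("checksum mismatch")
    return pubkey


def peer_key_matches(address: str, presented_pubkey: bytes) -> bool:
    """Client-side check: does the key the peer presents match the address?

    This is the whole of the "MITM-secure without PKI" property: a
    substituted key yields a different address. It says nothing about who
    holds the key, which is exactly the aliasing problem left unsolved.
    """
    try:
        return pubkey_from_address(address) == presented_pubkey
    except ValueError:
        return False


def demo() -> dict:
    """Honest peer accepted, key-substituting MITM rejected."""
    # Constructed keys: deterministic 32-byte strings standing in for
    # Ed25519 public keys (labelled as constructed, not real key material).
    honest_key = hashlib.sha256(b"honest service key (constructed)").digest()
    mitm_key = hashlib.sha256(b"attacker key (constructed)").digest()
    addr = onion_address(honest_key)
    return {
        "address": addr,
        "roundtrip": pubkey_from_address(addr) == honest_key,
        "honest_accepted": peer_key_matches(addr, honest_key),
        "mitm_rejected": not peer_key_matches(addr, mitm_key),
        "garbage_rejected": not peer_key_matches("not-an-address.onion", honest_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note what the checksum does and does not buy: it protects against a mistyped address, not against a substituted one, since an attacker can compute a perfectly valid address for any key they hold. The user still has to obtain the right address out of band, which is the aliasing step the thread says no amount of cryptography removes.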
