Re: [liberationtech] Announcing Scramble.io
On Fri, Aug 23, 2013 at 01:53:59AM -0700, DC wrote: > My plan is to make make your email the hash of your public key. > For example, my address is *nqkgpx6bqscsl...@scramble.io* > (I borrowed this idea from Tor Hidden Services.) Cool idea. This is also similar to CurveCP and DNSCurve. For example: $ dig ns chocolatine.org +short uz5qry75vfy162c239jgx7v2knkwb01g3d04qd4379s6mtcx2f0828.ns.chocolatine.org. uz5cjwzs6zndm3gtcgzt1j74d0jrjnkm15wv681w6np9t1wy8s91g3.ns.chocolatine.org. But I think you meant to say the Base32 encoding of one's public key, not the hash, right? Nicolai -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Announcing Scramble.io
On Fri, Aug 23, 2013 at 06:22:02PM -0400, Tom Ritter wrote: > SSL is Secure and Memorable, but highly centralized. (It is secure > because you have to prove ownership of a name to get a certificate for > it.) > This technique is Secure and Decentralized - but not memorable. Agreed regarding scramble.io. I think DNSCurve and CurveCP would be more likely to fit under Secure and Memorable, with questions about Decentralization, since DNS itself is highly centralized. And when I say memorable, I mean that the public keys are not exposed to the user, so it's actually not applicable. You use CNAMEs for CurveCP keys [0], and end users don't need to know NS records to look up example.com. So I suppose from a Zooko's Triangle perspective, CurveCP & DNSCurve would be in a different category than scramble.io. Nicolai 0. dig curvecp.chocolatine.org -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] 15 years later, why can't Johnny still not encrypt?
On Wed, Jan 15, 2014 at 8:32 PM, Joseph Lorenzo Hall wrote: > I'm thinking of operations like fingerprint verification. I can > analogize encryption to locking boxes with keys (even asymmetric or > DHE), but when it comes to other kinds of things (even explaining the > utility of a cryptographic hash), there aren't a lot of real-world > analogies to bootstrap their intuition. Maybe this will come in future > generations of socialized human. It seems to me that a usable mail encryption and authentication system should work without ever showing a user any kind of hash except for key fingerprints, so you don't _need_ an analogy. For the fingerprints, perhaps it would be best to just pretend that the fingerprint is the _identity_ of the person. cu, Nicolai -- Lerne, wie die Welt wirklich ist, aber vergiss niemals, wie sie sein sollte. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
