Message-ID: <56CE28F7.4040800@witmond.nl>
Date: Wed, 24 Feb 2016 23:04:39 +0100
From: Guido Witmond <guido@witmond.nl>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication

On 02/24/16 00:22, Allen wrote:
>>
>> Secondly, with the requirement that nickname@sitename.tld to be unique,
>> I could write that nickname on a business card and hand it out. People
>> could verify at a verification service that there is only one
>> certificate (and public key) for that name and be sure to have gotten
>> *my* public key. From that point, they can send encrypted messages to me.
>>
>
> That's not a service that I would use myself.  If I wanted people to be
> able to get my public key from a business card, I would print the key
> itself on my card using a QR code.  The other stuff you listed also don't
> have much interest to me personally, but I can't speak for anyone else.

Granted, it's secure to print a fingerprint on a business card but it's
not so user friendly. And as studies[1] have shown, most 'normal' people
won't be as judicious with fingerprint validation as the security
minded. And I believe both groups deserve the same strength in security.

Would you use this service if all you'd have to do is type in the user's
nickname@site and your computer would validate if there is only one
certificate attached to that name? If so, you can be sure that only the
intended recipient can decrypt it. If the computer would find multiple
certificates - or none at all - it would give an error and wouldn't allow
communication because it couldn't determine the correct public key to use.

Or what about being able to scribble a nickname@site address on the back
of a beer coaster in a bar?

My drive is to make key exchange happen as a natural part of normal
interactions between people. Not as a separate step that could be
neglected, forgotten or done wrong.


Regards, Guido Witmond.

1a: Why Johnny can't encrypt.
1b: Engineering Security, by Peter Gutmann.
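
The lookup rule described in the message above (exactly one certificate for a nickname@site, otherwise refuse), sketched as an added example that is not part of the original message or of the Eccentric Authentication code. The observation list, the names and the SHA-256 fingerprinting are assumptions made for illustration; the sketch treats repeated sightings of the same certificate as one certificate and fails closed on zero or on conflicting certificates.

```python
import hashlib
from collections import defaultdict


class KeyLookupError(Exception):
    """Raised when a name does not map to exactly one certificate."""


def fingerprint(cert_der: bytes) -> str:
    # Assumption: certificates are compared by SHA-256 over their encoded bytes.
    return hashlib.sha256(cert_der).hexdigest()


def build_index(observations):
    """Map each name to the set of distinct certificate fingerprints seen for it."""
    index = defaultdict(set)
    for name, cert_der in observations:
        index[name].add(fingerprint(cert_der))
    return index


def resolve(index, name):
    """Return the single fingerprint for `name`, or refuse (fail closed)."""
    certs = index.get(name, set())
    if len(certs) == 1:
        return next(iter(certs))
    if not certs:
        raise KeyLookupError(f"{name}: no certificate found, refusing to encrypt")
    raise KeyLookupError(
        f"{name}: {len(certs)} different certificates found, refusing to encrypt"
    )


# Constructed sample data: (name, certificate bytes) pairs as a hypothetical
# verification service might have recorded them. The byte strings stand in
# for real DER-encoded certificates.
OBSERVATIONS = [
    ("alice@site.example", b"constructed-cert-A"),
    ("alice@site.example", b"constructed-cert-A"),  # same cert seen twice
    ("bob@site.example", b"constructed-cert-B"),
    ("bob@site.example", b"constructed-cert-C"),    # conflicting second cert
]

if __name__ == "__main__":
    idx = build_index(OBSERVATIONS)
    for who in ("alice@site.example", "bob@site.example", "carol@site.example"):
        try:
            print(who, "->", resolve(idx, who))
        except KeyLookupError as err:
            print("ERROR:", err)
```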



