To: tor-talk@lists.torproject.org
From: me@beroal.in.ua
Message-ID: <56CEDE2F.20407@beroal.in.ua>
Date: Thu, 25 Feb 2016 12:57:51 +0200
Subject: Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication

On 25.02.16 01:26, Guido Witmond wrote:
> On 02/24/16 23:26, juan wrote:
>> On Wed, 24 Feb 2016 23:04:39 +0100
>> Guido Witmond <guido@witmond.nl> wrote:
>>
>>> My drive is to make key exchange happen as a natural part of normal
>>> interactions between people.
>> 	So teach people how to exchange keys.
> Teaching is not a solution. See Peter Gutmann's book Security
> Engineering. 800+ Pages of disasters with security. Depressing and
> enlightening ;-)
A magic wand is a solution. :-)

>>> Not as a separate step that could be
>>> neglected, forgotten or done wrong.
>> 	Ah you want key exchange without key exchange? That is, of
>> 	course, absurd.
> I don't want *people* to exchange keys. I envision people to exchange
> names and let computers do the key lookup.

> So the exchange of a human readable name - the id@site - implies that I
> can deduce the correct public key. The one-to-one relationship between
> names and keys makes it easy for humans to exchange a name and for the
> computer to figure out the correct public key.
>
>
> So, to answer your question: people communicate id@site names, the
> computer verifies the uniqueness properties to determine the corresponding
> public keys. The requirement to make the relation between names and
> public keys is key. Pun intended.
>
Though I don't understand your protocol, I don't like id@site names. 
That site belongs to a corporation, so I depend on a corporation which I 
can't control. There is a more fundamental problem with human readable 
names. There is competition for nice names like "sex" or "casino", for 
example, in the domain of domain names. This competition is resolved 
with auctions. So a human readable name is paid, and its owner depends 
on the registrar. Public key fingerprints are a solution to both problems.

