Communicating public keys: A functional specification
A functional specification tells us how the user uses it, what he sees,
and what it does for him. It does not tell us how we manage to do it
for him.
The problem is that you want to tell someone over the phone, or on a
napkin, or face to face, information that will enable his client to
securely obtain your public key and network location so that end to end
secured communication can take place.
Also a chatroom's public key and network location.
We do not necessarily protect against security agencies figuring out
which public key is talking to which public key. That issue is out of
the scope of a functional specification, but we somewhat reduce the
usefulness of this information by allowing people to have lots of public
keys. So you probably have one key for activities that show your
unusual sexual preference, another key for job related activities,
another key for tax evasion related activities, another key for gun
running, and yet another for attempts to overthrow the regime.
Face to face:
Identifying information is nym, face, and location.
Recipient looks up the nym, sees a bunch of faces grouped by
geographic area. Geographic are usually, but not necessarily, has
some relation to users actual location, and may be very specific, or
very broad. It is a tree. One guy may locate his face at the node
"North America", another at the node New York, North America. You
may, of course, employ a well known cartoon character or movie star
as your avatar instead of your actual face. Fictional places are
permitted, but to avoid filling the namespace, not on the tree that
represents the real planet earth.
Over the phone.
Recipient looks up phone number. Finds a bunch of named keys
associated with the phone number - usually one key or a quite small
number of named keys.
Web or email.
Send a link that contains a 256 bit identifier, but the UI should
not show anyone the identifier.
The ordinary user by default finds himself using at least one key for
face to face key introductions, a different key or keys for phone
introductions, and yet more for web or email introductions. If he is
clever and reads the manual, which no one will ever do, he can use the
same key for multiple purposes.
All of these named keys have the same behavior when you click on them,
they are intended to be perceived by the user as being the same sort of
thing.
He can use the link, the named key, to attempt to contact, or buddy it,
or bookmark it.
The identifying link information looks like a web link, and is the
nickname of the public key. By default the nickname is the petname.
The user is free to edit this, but usually does not.
When he attempts to contact, this automatically buddies it and/or
bookmarks it.
When he finds a named key, he may "bookmark" it, together with one of
his own private keys - it goes into a datastructure that looks like, and
works like, browser bookmarks. He can also put it in his buddy list.
When you look at an item in your buddy list or bookmarks list, You see a
pair, the other guys key identifying information, and your own key
identifying information. You don't see the keys themselves, since they
look like line noise and will terrify the average user.
When you click on one of these bookmarks, this creates a connection if
your key is on the other guy's buddy list and he is online. You can
chat, video, whatever, end to end secured. Otherwise, if you are not on
his buddy list, or he is not presently online, you can send him
something that is very like an email, but end to end secure.
When you send a bunch of people a text communication, chat like,
chatroom like, or email like, they are cc or bcc. If cc, all recipients
of the communication get links, which they can, if they feel so
inclined, message, bookmark or buddy.
Text communication software vacuums up and stores all links, so if you
get an incoming communication from someone whose public key you have not
buddied or bookmarked, the software will tell you any past contacts you
may have had with this public key.
Buddied public keys are white listed for immediate online communication,
Bookmarked and buddied public keys are white listed for offline text
communication, public keys with past information about contacts are grey
listed, public keys with no previous contact information are blacklisted.
Because of automatic blacklisting, to contact, you have to /exchange/ keys.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
