On Aug 27, 2013, at 9:48 PM, Perry E. Metzger wrote:

> On Tue, 27 Aug 2013 22:04:22 +0100 "Wendy M. Grossman"
> <wen...@pelicancrossing.net> wrote:
>> On 08/27/2013 18:34, ianG wrote:
>>> Why do we need the 1980s assumption of being able to send freely
>>> to everyone, anyway?
>> It's clear you're not a journalist or working in any other
>> profession where you actually need to be able to communicate
>> spontaneously with strangers.
> Of course, as a reporter, you are probably getting email addresses of
> people to talk to via referral, and that could be used to get past the
> barrier. The problem of people spontaneously contacting a published
> address is harder.
Actually, it isn't, or shouldn't be.  Email addresses were originally things 
you typed into a terminal.  They had to be short, memorable, and easy to type.  
"Published" meant "printed on paper", which implied typing the thing back in.

But none of that matters much any more.  "Publication" is usually on-line, so 
contact addresses can be arbitrary links.  When we meet in person, we can 
exchange large numbers of bits between our smartphones.  Hell, even a business 
card can easily have a QR code on the back.

Suppose, as in Bitcoin, my email address *is* my public key.  If you wanted to 
send me email, you'd have a routing problem - but I could even give you hints:  
My address would be leich...@lrw.com:<public key>.  You can try there first, or 
you can look up my public key in some global dictionary.  An attacker could get 
your mail to me to go to them, but they can't read it - you already know my 
public key, so only *I* can read it.  The only attack they can mount is a 
denial of service.  I can have any number of public keys, and all published 
routes to me may go through a mix - so I can minimize metadata leakage.

The assumption that "initial contact information" has to be something 
human-processable creates the whole "how do I securely map contact information 
to a key" problem.  Flip it around and that problem vanishes.

                                                        -- Jerry

> I don't claim to have all the answers, but experimentation will
> probably tell us a lot more than simply thinking in the abstract.
> -- 
> Perry E. Metzger              pe...@piermont.com
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

The cryptography mailing list

Reply via email to