On Tue, 27 Aug 2013 23:52:23 -0400 Jerry Leichter <leich...@lrw.com>
> But none of that matters much any more.  "Publication" is usually
> on-line, so contact addresses can be arbitrary links.  When we meet
> in person, we can exchange large numbers of bits between our
> smartphones.  Hell, even a business card can easily have a QR code
> on the back.

Just as an FYI, this describes exactly zero of the times that I've
gotten people's email or jabber addresses in recent years. Very
typically people have written them down for me, told them to me over
the phone, or the equivalent. I've had to read mine over the phone a
fair bit, too.

I wouldn't know how to trust publication online in the first

"Perry Metzger's email is <big string>"
"How do I know that's true?"
"Because it is encrypted in <big string>"
"What if that's a lie? I've never heard Perry utter <big string>"
"What, you don't trust me? No dishonest person has a web server!"

If someone tells me they're f...@example.com, and I have a trustworthy
way of mapping f...@example.com into a long lived key (see my first
message in this sequence of three that triggered this discussion),
life is a lot better. I think this alone is a lot of why X.500 died
so fast compared to SMTP -- the addresses were simply untenable, and
they were at least in theory human readable.

Anyway, I've already started implementing my proposed solution to
that part of the problem. There is still a need for a distributed
database to handle the lookup load, though, and one that is not the

Perry E. Metzger                pe...@piermont.com
The cryptography mailing list

Reply via email to