On Tue, 27 Aug 2013 23:52:23 -0400 Jerry Leichter <leich...@lrw.com> wrote: > But none of that matters much any more. "Publication" is usually > on-line, so contact addresses can be arbitrary links. When we meet > in person, we can exchange large numbers of bits between our > smartphones. Hell, even a business card can easily have a QR code > on the back.
Just as an FYI, this describes exactly zero of the times that I've gotten people's email or jabber addresses in recent years. Very typically people have written them down for me, told them to me over the phone, or the equivalent. I've had to read mine over the phone a fair bit, too. I wouldn't know how to trust publication online in the first place. "Perry Metzger's email is <big string>" "How do I know that's true?" "Because it is encrypted in <big string>" "What if that's a lie? I've never heard Perry utter <big string>" "What, you don't trust me? No dishonest person has a web server!" If someone tells me they're f...@example.com, and I have a trustworthy way of mapping f...@example.com into a long lived key (see my first message in this sequence of three that triggered this discussion), life is a lot better. I think this alone is a lot of why X.500 died so fast compared to SMTP -- the addresses were simply untenable, and they were at least in theory human readable. Anyway, I've already started implementing my proposed solution to that part of the problem. There is still a need for a distributed database to handle the lookup load, though, and one that is not the DNS. Perry -- Perry E. Metzger pe...@piermont.com _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography