On 2013-09-04 13:12:21 +0200 (+0200), Ilja Schmelzer wrote:
> There is already a large community of quite average users which use
> Torchat, which uses onion-Adresses as Ids, which are 512 bit hashs if
> I remember correctly.
>
> Typical ways of communication in this community are "look for my
> torchat-id at forum example.net, I'm examplenick there."
[...]
You could do the same with OpenPGP keys too (look for my key at any
modern keyserver, I'm fu...@yuggoth.org there) but that misses the
possibility that in the future someone might upload a trojan key
claiming to be me and use it to sign and send them a spoofed
nefarious message, source code release tarball, git tag, whatever.
Handing them a copy of the key fingerprint gives them a means to
confirm the key they just pulled from the server is really the same
person who showed them a passport at the conference the month
before.
If there's no way for anyone to impersonate examplenick at forum
example.net then, sure, maybe simpler... but that forum is probably
not a distributed, highly available, cryptographically-verifiable
pool of key distribution API servers either.
--
{ PGP( 48F9961143495829 ); FINGER( fu...@cthulhu.yuggoth.org );
WWW( http://fungi.yuggoth.org/ ); IRC( fu...@irc.yuggoth.org#ccl );
WHOIS( STANL3-ARIN ); MUD( kin...@katarsis.mudpy.org:6669 ); }
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
