On 2013-09-04 13:12:21 +0200 (+0200), Ilja Schmelzer wrote: > There is already a large community of quite average users which use > Torchat, which uses onion-Adresses as Ids, which are 512 bit hashs if > I remember correctly. > > Typical ways of communication in this community are "look for my > torchat-id at forum example.net, I'm examplenick there." [...]
You could do the same with OpenPGP keys too (look for my key at any modern keyserver, I'm fu...@yuggoth.org there) but that misses the possibility that in the future someone might upload a trojan key claiming to be me and use it to sign and send them a spoofed nefarious message, source code release tarball, git tag, whatever. Handing them a copy of the key fingerprint gives them a means to confirm the key they just pulled from the server is really the same person who showed them a passport at the conference the month before. If there's no way for anyone to impersonate examplenick at forum example.net then, sure, maybe simpler... but that forum is probably not a distributed, highly available, cryptographically-verifiable pool of key distribution API servers either. -- { PGP( 48F9961143495829 ); FINGER( fu...@cthulhu.yuggoth.org ); WWW( http://fungi.yuggoth.org/ ); IRC( fu...@irc.yuggoth.org#ccl ); WHOIS( STANL3-ARIN ); MUD( kin...@katarsis.mudpy.org:6669 ); } _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography