On 09/09/13 13:08, Guido Witmond wrote:
I just came across your message  on retrieving the correct key for a
name. I believe that's called Squaring Zooko's Triangle.
I've come up with my ideas and protocol to address this need.
I call it eccentric-authentication. [1,2]
With Regards, Guido.
I like to look at it the other way round, retrieving the correct name
for a key.
You don't give someone your name, you give them an 80-bit key
fingerprint. It looks something like m-NN4H-JS7Y-OTRH-GIRN. The m- is
common to all, it just says this is one of that sort of hash.
There is only one to remember, your own.
The somebody uses the fingerprint in a semi-trusted (eg trusted not to
give your email to spammers, but not trusted as far as giving the
correct key goes) reverse lookup table, which is published and shared,
and for which you write the entry and calculate the fingerprint by a
long process to make say 20 bits more work.
Your entry would have your name, key, address, company, email address,
twitter tag, facebook page, telephone number, photo, religious
affiliation, claimed penis size, today's signed ephemeral DH or ECDHE
keypart, and so on - whatever you want to put in it.
He then checks that you are someone he thinks you are, eg from the
photo, checks the fingerprint, and if he wants to contact you he has
already got your public key.
He cannot contact you without also getting your public key first -
because you haven't given him your email address, just the hash.
[ That's what's planned for m-o-o-t (a CD-based live OS plus for
secure-ish comms) anyway. As well, in m-o-o-t you can't contact anyone
without checking the fingerprint, and you can't contact him in
unencrypted form at all. Also the lookup uses a PIR system to avoid
traffic analysis by lookup. It isn't available just now, so don't ask. ]
-- Peter Fairbrother
The cryptography mailing list