On 09/09/13 13:08, Guido Witmond wrote:
Hi Perry,

I just came across your message [0] on retrieving the correct key for a
name. I believe that's called Squaring Zooko's Triangle.

I've come up with my ideas and protocol to address this need.
I call it eccentric-authentication. [1,2]

With Regards, Guido.

0: http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html



I like to look at it the other way round, retrieving the correct name for a key.

You don't give someone your name, you give them an 80-bit key fingerprint. It looks something like m-NN4H-JS7Y-OTRH-GIRN. The m- is common to all, it just says this is one of that sort of hash.

There is only one to remember, your own.

The somebody uses the fingerprint in a semi-trusted (eg trusted not to give your email to spammers, but not trusted as far as giving the correct key goes) reverse lookup table, which is published and shared, and for which you write the entry and calculate the fingerprint by a long process to make say 20 bits more work.

Your entry would have your name, key, address, company, email address, twitter tag, facebook page, telephone number, photo, religious affiliation, claimed penis size, today's signed ephemeral DH or ECDHE keypart, and so on - whatever you want to put in it.

He then checks that you are someone he thinks you are, eg from the photo, checks the fingerprint, and if he wants to contact you he has already got your public key.

He cannot contact you without also getting your public key first - because you haven't given him your email address, just the hash.

[ That's what's planned for m-o-o-t (a CD-based live OS plus for secure-ish comms) anyway. As well, in m-o-o-t you can't contact anyone without checking the fingerprint, and you can't contact him in unencrypted form at all. Also the lookup uses a PIR system to avoid traffic analysis by lookup. It isn't available just now, so don't ask. ]

-- Peter Fairbrother
The cryptography mailing list

Reply via email to