Bruce Leidl from Subgraph presented Nyms [1]. This is a system with a central key-signing / key-directory infrastructure and a strong focus on reducing the trust needed in that infrastructure:
- Instead of a single authority a quorum of M (of N) parties have to agree on a user's public key. - Once Alice has retrieved Bob's public key, she performs anonymized lookups at random intervals for auditing. Instead of Tor the anonymized lookups use the directory servers as a mix net. (Which is interesting, is that for high-latency anonymity or something else?) There's other sensible details, e.g. - Users are registered via an email exchange. - Keys are removed from directory servers if users don't confirm periodically. Q: I think the idea is to have a single M-of-N infrastructure sign keys for everyone, but the website also mentions "participating providers" who can sign keys for their users. It's unclear how these provider-based authorities fit in? ====== Tom Ritter made some great points [2], among them: * An email provider is in some sense "authoritative" for emails from its domain. In particular, it could forge registration emails from its users, so any system based on these will end up trusting the provider. Yet I'd ALSO claim the provider is one of the most important entities for end-to-end crypto to protect us from. Conundrum. * My initial email conflated a "keyserver" with both "the authority signing a key" and "the directory serving the signed key". Tom points out most projects separate these. ====== Elijah criticized the idea of applying CT to the "user key problem" [3]. I think the crux of his argument is that we want anonymized key lookup for relationship-hiding anyways, so we can use that for auditing (like Nyms). CT doesn't "add enough benefit to justify the complexity". That's an interesting claim - it seems like both approaches need to be worked out more before we could really assess that. ====== Some PGP vs S/MIME vs other discussion. That should probably be another thread, another time (divisive, not that interesting). ====== Greg and Trevor on Blockchains / NameCoin - Not a highlight yet, but I've promised to have an opinion and create a discussion about this, it's a worthy topic. Trevor [1] https://moderncrypto.org/mail-archive/messaging/2014/000602.html [2] https://moderncrypto.org/mail-archive/messaging/2014/000613.html [3] https://moderncrypto.org/mail-archive/messaging/2014/000616.html _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
