On Tue, Sep 10, 2013 at 09:01:49PM +0200, Guido Witmond wrote:
> My scheme does the opposite. It allows *total strangers* to exchange
> keys securely over the internet.
With a FOAF routing scheme with just 3 degrees of separation
there are not that many strangers left.
If you add opportunistic e
On 10/09/13 10:00, Guido Witmond wrote:
Hi Peter,
We really have different designs. I'll comment inline.
On 09/09/13 19:12, Peter Fairbrother wrote:
On 09/09/13 13:08, Guido Witmond wrote:
I like to look at it the other way round, retrieving the correct
name for a key.
You don't give someo
On 09/10/13 19:08, Peter Fairbrother wrote:
> The only assurance given by the scheme is that if a person gave you
> a hash which he generated himself, and you match it with a string and
> that string matches what you know about the person (eg their name or
> photo), then no-one else can have MTM'd
Hi Peter,
We really have different designs. I'll comment inline.
On 09/09/13 19:12, Peter Fairbrother wrote:
> On 09/09/13 13:08, Guido Witmond wrote:
> I like to look at it the other way round, retrieving the correct
> name for a key.
>
> You don't give someone your name, you give them an 80-b
On 09/09/13 13:08, Guido Witmond wrote:
Hi Perry,
I just came across your message [0] on retrieving the correct key for a
name. I believe that's called Squaring Zooko's Triangle.
I've come up with my ideas and protocol to address this need.
I call it eccentric-authentication. [1,2]
With Regard
Hi Perry,
I just came across your message [0] on retrieving the correct key for a
name. I believe that's called Squaring Zooko's Triangle.
I've come up with my ideas and protocol to address this need.
I call it eccentric-authentication. [1,2]
With Regards, Guido.
0: http://www.metzdowd.com/pi
On 2013-09-04 13:12:21 +0200 (+0200), Ilja Schmelzer wrote:
> There is already a large community of quite average users which use
> Torchat, which uses onion-Adresses as Ids, which are 512 bit hashs if
> I remember correctly.
>
> Typical ways of communication in this community are "look for my
> t
On 2013-09-06 00:04:07 +0200 (+0200), Ilja Schmelzer wrote:
[...]
> The point is another: a 512 bit hash as a personal id is
> something acceptable for average people and will not prevent them
> from using it. These average people do not have to care that much
> about such attacks. Those few who
On 2013-09-01 13:02:26 +1000 (+1000), James A. Donald wrote:
> On 2013-09-01 11:16 AM, Jeremy Stanley wrote:
> [...]
> > bring business cards (or even just slips of paper) with our name,
> > E-mail address and 160-bit key fingerprint.
> [...]
>
> The average user is disturbed by the sight a 160 bi
On Mon, Sep 2, 2013 at 7:19 PM, Perry E. Metzger wrote:
> On Mon, 2 Sep 2013 03:00:42 +0200 Faré wrote:
>> >> At intervals, the trustworthy organization (and others like it)
>> >> can send out email messages to Alice, encrypted in said key,
>> >> saying "Hi there! Please reply with a message cont
On Mon, 2 Sep 2013 19:53:03 +0200 Faré wrote:
> On Mon, Sep 2, 2013 at 7:19 PM, Perry E. Metzger
> wrote:
> > On Mon, 2 Sep 2013 03:00:42 +0200 Faré wrote:
> >> >> At intervals, the trustworthy organization (and others like
> >> >> it) can send out email messages to Alice, encrypted in said
> >>
On Mon, 2 Sep 2013 03:00:42 +0200 Faré wrote:
> >> At intervals, the trustworthy organization (and others like it)
> >> can send out email messages to Alice, encrypted in said key,
> >> saying "Hi there! Please reply with a message containing this
> >> magic cookie, encrypted in our key, signed in
>> So, how do I translate "al...@example.org" into a key?
>>
Once again, what do you think of namecoin?
A bitcoin-like consensual database based on proof of work.
If you also require proof-of-key via signature from the recipient,
majority attacks make DoS easy, but identity stealing is still
depend
On 25 August 2013 21:29, Perry E. Metzger wrote:
> [Disclaimer: very little in this seems deeply new, I'm just
> mixing it up in a slightly different way. The fairly simple idea I'm
> about to discuss has germs in things like SPKI, Certificate
> Transparency, the Perspectives project, SSH, and in
On 2013-09-01 11:16 AM, Jeremy Stanley wrote:
At free software conferences, where there is heavy community
penetration for OpenPGP already, it is common for many of us to bring
business cards (or even just slips of paper) with our name, E-mail
address and 160-bit key fingerprint. Useful not onl
On 2013-08-25 16:29:42 -0400 (-0400), Perry E. Metzger wrote:
[...]
> If I meet someone at a reception at a security conference, they might
> scrawl their email address ("al...@example.org") for me on a cocktail
> napkin.
>
> I'd like to be able to then write to them, say to discuss their
> exciti
[Disclaimer: very little in this seems deeply new, I'm just
mixing it up in a slightly different way. The fairly simple idea I'm
about to discuss has germs in things like SPKI, Certificate
Transparency, the Perspectives project, SSH, and indeed dozens of
other things. I think I even suggested a ver
17 matches
Mail list logo
