Re: [Cryptography] Introducing strangers. Was: Thoughts about keys

2013-09-13 Thread Eugen Leitl
On Wed, Sep 11, 2013 at 07:32:04PM +0200, Guido Witmond wrote:

  With a FOAF routing scheme with just 3 degrees of separation there
  are not that many strangers left.
 
 How do you meet people outside your circle of friends?

You don't. The message is routed through the social network, until
it reaches your destination.
 
 How do you stay anonymous? With FOAF, you have a single identity for it

By running onion routers like Tor on top of that routed network.
With FOAF I don't mean a specific system, but a generic small-world
social network, where each member is reachable in a small number
of hops.

 to work. I offer people many different identities. But all of them are
 protected, and all communication encrypted.
 
 That's what my protocol addresses. To introduce new people to one
 another, securely. You might not know the person but you are sure that
 your private message is encrypted and can only be read by that person.
 
 Of course, as it's a stranger, you don't trust them with your secrets.
 
 For example, to let people from this mailing list send encrypted mail to
 each other, without worrying about the keys. The protocol has already
 taken care of that. No fingerprint checking. No web of trust validation.
 
 
  If you add opportunistic encryption at a low transport layer, plus
  additional layers on top of that, you've protected the bulk of traffic.
 
 I don't just want to encrypt the bulk, I want to encrypt everything, all

With multilayer transport protection, you'll get multiple layers
of encryption for your typical connection.

 the time. It makes Tor traffic much more hidden.
 
 
 There is more
 
 The local CA (one for each website) signs both the server and client
 certificates. The client only identifies itself to the server after it
 has recognized the server certificate. This blocks phishing attempts to
 web sites (only a small TOFU risk remains). And that can be mitigated
 with a proper dose of Certificate Transparency.
 
 Kind regards, Guido Witmond,
 
 
 Please see the site for more details:
   http://eccentric-authentication.org/


___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Introducing strangers. Was: Thoughts about keys

2013-09-11 Thread Guido Witmond
On 09/11/13 10:43, Eugen Leitl wrote:
 On Tue, Sep 10, 2013 at 09:01:49PM +0200, Guido Witmond wrote:
 
 My scheme does the opposite. It allows *total strangers* to
 exchange keys securely over the internet.
 
 With a FOAF routing scheme with just 3 degrees of separation there
 are not that many strangers left.

How do you meet people outside your circle of friends?

How do you stay anonymous? With FOAF, you have a single identity for it
to work. I offer people many different identities. But all of them are
protected, and all communication encrypted.

That's what my protocol addresses. To introduce new people to one
another, securely. You might not know the person but you are sure that
your private message is encrypted and can only be read by that person.

Of course, as it's a stranger, you don't trust them with your secrets.

For example, to let people from this mailing list send encrypted mail to
each other, without worrying about the keys. The protocol has already
taken care of that. No fingerprint checking. No web of trust validation.


 If you add opportunistic encryption at a low transport layer, plus
 additional layers on top of that, you've protected the bulk of traffic.

I don't just want to encrypt the bulk, I want to encrypt everything, all
the time. It makes Tor traffic much more hidden.


There is more

The local CA (one for each website) signs both the server and client
certificates. The client only identifies itself to the server after it
has recognized the server certificate. This blocks phishing attempts to
web sites (only a small TOFU risk remains). And that can be mitigated
with a proper dose of Certificate Transparency.

Kind regards, Guido Witmond,


Please see the site for more details:
http://eccentric-authentication.org/
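The per-site CA arrangement described in the post, as an added Go example that is not code from the post or from the eccentric-authentication project: one function builds certificate bodies, one signs them (self-signed for a site's local CA, CA-signed for that site's server and client certificates), and the client-side gate passes only when the server certificate chains to the local CA the client remembered for that host. The CA and host names, the ECDSA P-256 keys and the validity window are assumptions made for this example; remembering the CA at first contact (the TOFU step) is left to the caller.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// template builds a certificate body for cn (values constructed for this example); a CA template may sign, a leaf template carries cn as its host name.
func template(cn string, isCA bool) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign
	}
	return t
}

// Issue generates a fresh key and signs t with parentKey; a nil parent makes t self-signed, which is how a site's local CA is created.
func Issue(t, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// ClientRecognizesServer is the gate from the post: the client presents its own certificate only after the server certificate chains to the local CA it remembered for this host at first use (TOFU); any other issuer, publicly trusted or not, fails.
func ClientRecognizesServer(rememberedCA, serverCert *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(rememberedCA)
	_, err := serverCert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
```

The server side checks the client certificate with the same Verify call against the same local CA, so a certificate issued for one site is worthless at any other.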
