Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
Perry E. Metzger pe...@piermont.com writes:

> I can think of no circumstances where I would voluntarily use LDAP as the solution to any problem of any sort.

Our direct competitor has asked us to recommend a technology for whatever it is that LDAP is meant to be the solution for. What should we recommend to them? (Bit of an artificial example, but between that and Corba you can really mess up someone's business).

Peter.

___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
On Thu, 29 Aug 2013 01:18:59 +1000 (EST) Dave Horsfall d...@horsfall.org wrote:

> On Wed, 28 Aug 2013, Perry E. Metzger wrote:
>
> > Anyway, I've already started implementing my proposed solution to that part of the problem. There is still a need for a distributed database to handle the lookup load, though, and one that is not the DNS.
>
> (Delurking) This suggests the use of LDAP.

I can think of no circumstances where I would voluntarily use LDAP as the solution to any problem of any sort.

In any case, you will note that LDAP does not actually solve the problem statement as I gave it: that is to say, users must be able to join the system without the permission or assistance of systems administrators.

--
Perry E. Metzger pe...@piermont.com
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
Please stop using that stupid Reply All function; I'm on the list, and will hence see your reply anyway. I don't need my own bloody personal copy of it.

-- Dave
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
On Wed, 28 Aug 2013 10:24:43 -0400 Jerry Leichter leich...@lrw.com wrote:

> > I wouldn't know how to trust publication online in the first place.
>
> In exactly the same way you trust paper publications that contain today's style of addresses.

But I don't. As I said, I typically get a friend or collaborator's email address from them or from someone else I know. I don't get them from paper publications, or QR codes. Often as not they are literally written on cocktail napkins at conference receptions.

> > Perry Metzger's email is big string How do I know that's true?
>
> And exactly how is this different from Perry Metzger's email is pe...@piermont.com?

If you meet me and I say it to you, I'm probably reasonably correct about it. If you ask a mutual friend what it is (possibly by email), they're probably reasonably correct.

> A minority of people have addresses that are easy to remember.

That's not true, actually. I know because I make a habit of not using an address book in my mail program. In any case, easy to remember isn't the issue, easy to scribble down accurately is.

> Most - by far the majority - have some random-looking set of letters and digits with some part of their first or last name or a nickname embedded somewhere inside at gmail or yahoo or some institution.

So, I just did a check. I have a file with all the addresses I care about in it (I manually cut and paste them into email when I want to.) It has 625 addresses in it. Of those, 47 have digits in them. I note that the vast majority of those are addresses of people at Columbia University, which has a particularly bad naming system but where I have a lot of correspondents. Of the rest, the majority are things like m...@example.com, or joe.exam...@gmail.com -- easy to write on a cocktail napkin. I note exactly none of the addresses contain 10 digits of base 64. Even the numeric ones are things like jrn26 for someone with those initials, which is pretty easy to scribble down.

> Frankly, I have trouble remembering the last time I got someone's email address by having them tell it to me.

For me, it was Monday, over the phone.

Anyway, we both have our opinions here, I'm sure we're not going to come to a single agreement. I'm implementing something based on my hunches, I invite others to do the same. Let a thousand flowers bloom...

Perry

--
Perry E. Metzger pe...@piermont.com
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
> There is still a need for a distributed database to handle the lookup load, though, and one that is not the DNS.

What do you think of namecoin?

—♯ƒ • François-René ÐVB Rideau •ReflectionCybernethics• http://fare.tunes.org
Truth comes as conqueror only to those who have lost the art of receiving it as friend. — Tagore
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
This is exactly the problem that Kim Cameron and I tried to solve by developing what we called call signs. The idea is to compress the hash of the public by solving a puzzle: find the arbitrary salt so that the hash of the salt and the public key ends with a large enough number of zeroes. (Or 1, or any arbitrary patterns.) Publish then the call sign as a fraction of the hash, say the leading bits, that is short enough to be memorized, or at least written on a napkin.

Of course, you have to verify that N bits of call signs + M zeroes is long enough to provide a strong hash. The birthday paradox tells us that collisions will happen after 2^(N/2) users in the same space. We assumed that the practical length was at most 10 characters, 50 bits, which means collisions would happen after a few million users. We mitigated that by adding a human identifier in the mix, making the call sign something like Perry.A32-H45Z-ZE0. Now the collisions only happen in the space of all people named Perry, which is much smaller than everybody.

Of course, this was a Microsoft project, which Microsoft did not choose to develop. And it was patented...

-----Original Message-----
From: cryptography-bounces+huitema=huitema@metzdowd.com [mailto:cryptography-bounces+huitema=huitema@metzdowd.com] On Behalf Of Perry E. Metzger
Sent: Wednesday, August 28, 2013 5:53 AM
To: Jerry Leichter
Cc: Wendy M. Grossman; cryptography@metzdowd.com
Subject: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)

On Tue, 27 Aug 2013 23:52:23 -0400 Jerry Leichter leich...@lrw.com wrote:

> But none of that matters much any more. Publication is usually on-line, so contact addresses can be arbitrary links. When we meet in person, we can exchange large numbers of bits between our smartphones. Hell, even a business card can easily have a QR code on the back.

Just as an FYI, this describes exactly zero of the times that I've gotten people's email or jabber addresses in recent years. Very typically people have written them down for me, told them to me over the phone, or the equivalent. I've had to read mine over the phone a fair bit, too.

I wouldn't know how to trust publication online in the first place.

Perry Metzger's email is big string How do I know that's true? Because it is encrypted in big string What if that's a lie? I've never heard Perry utter big string What, you don't trust me? No dishonest person has a web server!

If someone tells me they're f...@example.com, and I have a trustworthy way of mapping f...@example.com into a long lived key (see my first message in this sequence of three that triggered this discussion), life is a lot better.

I think this alone is a lot of why X.500 died so fast compared to SMTP -- the addresses were simply untenable, and they were at least in theory human readable.

Anyway, I've already started implementing my proposed solution to that part of the problem. There is still a need for a distributed database to handle the lookup load, though, and one that is not the DNS.

Perry

--
Perry E. Metzger pe...@piermont.com
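The call-sign puzzle described at the top of the message above, as an added example that is not part of the original post or of the project it mentions. SHA-256, the 8-byte salt, the 32-symbol alphabet, the 3-4-3 grouping and the small value of M are assumptions chosen for illustration; only N = 50 bits and the name prefix come from the post.

```python
import hashlib
from itertools import count

ALPHABET = "ABCDEFGHJKMNPQRSTVWXYZ0123456789"  # assumed alphabet: 32 symbols, 5 bits each
N_BITS = 50    # call-sign length from the post: 10 characters
M_ZEROS = 12   # assumed puzzle difficulty, kept small so the search is fast

def _digest_int(salt: int, pubkey: bytes) -> int:
    # hash(salt || public key), read as a 256-bit integer
    h = hashlib.sha256(salt.to_bytes(8, "big") + pubkey).digest()
    return int.from_bytes(h, "big")

def _encode(bits: int, name: str) -> str:
    # 50 bits -> 10 symbols, grouped 3-4-3 and prefixed with the human identifier
    chars = "".join(ALPHABET[(bits >> s) & 31] for s in range(45, -1, -5))
    return f"{name}.{chars[:3]}-{chars[3:7]}-{chars[7:]}"

def make_call_sign(name: str, pubkey: bytes, m_zeros: int = M_ZEROS):
    """Find a salt whose hash ends in m_zeros zero bits; return (call_sign, salt)."""
    mask = (1 << m_zeros) - 1
    for salt in count():
        d = _digest_int(salt, pubkey)
        if d & mask == 0:
            # publish only the leading N bits; the forced zeros add M bits of work
            return _encode(d >> (256 - N_BITS), name), salt

def verify_call_sign(call_sign: str, salt: int, pubkey: bytes,
                     m_zeros: int = M_ZEROS) -> bool:
    """Recompute the hash from salt and key; check the puzzle and the leading bits."""
    name = call_sign.split(".", 1)[0]
    d = _digest_int(salt, pubkey)
    if d & ((1 << m_zeros) - 1):
        return False  # puzzle not solved: trailing bits are not all zero
    return _encode(d >> (256 - N_BITS), name) == call_sign

def users_before_collision(n_bits: int) -> int:
    """Birthday estimate used in the post: about 2^(N/2) users per name space."""
    return 2 ** (n_bits // 2)

if __name__ == "__main__":
    key = b"constructed sample public key bytes"  # constructed input, not a real key
    sign, salt = make_call_sign("Perry", key)
    print(sign, salt, verify_call_sign(sign, salt, key))
    print(users_before_collision(N_BITS))
```

A verifier needs the salt and the full public key from some lookup channel; the call sign only lets them confirm that what they fetched matches what was written on the napkin.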
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
A different take on the problem: Would something built around identity-based encryption help here? It sounds very tempting: My email address (or any other string - say a bitmap of a picture of me) *is* my public key. The problem is that it requires a central server that implicitly has access to my private key. There are some proposals around to work around that (e.g., by constructing the key from a combination of keys from different key generators).

But we could go another route: I can run a key generator on my own hardware. That doesn't quite solve the problem, since you now need a secure way to find my key generator - any generator will happily tell you how to encrypt using leich...@lrw.com to generate the public key, and *it* will have the corresponding private key.

I don't quite see how to make this work, but IBE seems like a primitive that might be helpful, somehow.

-- Jerry
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
On Wed, 28 Aug 2013, Perry E. Metzger wrote:

> Anyway, I've already started implementing my proposed solution to that part of the problem. There is still a need for a distributed database to handle the lookup load, though, and one that is not the DNS.

(Delurking) This suggests the use of LDAP.

-- Dave
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
On Aug 28, 2013, at 11:18 AM, Dave Horsfall d...@horsfall.org wrote:

> On Wed, 28 Aug 2013, Perry E. Metzger wrote:
>
> > Anyway, I've already started implementing my proposed solution to that part of the problem. There is still a need for a distributed database to handle the lookup load, though, and one that is not the DNS.
>
> (Delurking) This suggests the use of LDAP.

I don't see that at all. In fact I think that nothing has hurt deployment of PKI more than LDAP.

The problem for the email client is very simple: What is the key etc. to send email to al...@example.com

I can solve that very easily with a HTTP lookup or a very short Web Service with JSON query syntax. If LDAP is involved there will be a consultant setting up the directory and building fancy DIT trees and racking up bills of $100,000+ for something that makes no difference to the actual query.

Now if the certs are already in an LDAP directory then fine, let's pull data from that resource. But if they are not in LDAP already there are much easier ways to interface a database of certs to a query interface.