Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
"Perry E. Metzger" writes: >I can think of no circumstances where I would voluntarily use LDAP as the >solution to any problem of any sort. "Our direct competitor has asked us to recommend a technology for . What should we recommend to them?". (Bit of an artificial example, but between that and Corba you can really mess up someone's business). Peter. ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
Please stop using that stupid "Reply All" function; I'm on the list, and will hence see your reply anyway. I don't need my own bloody personal copy of it.

-- Dave
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
On Thu, 29 Aug 2013 01:18:59 +1000 (EST) Dave Horsfall wrote:
> On Wed, 28 Aug 2013, Perry E. Metzger wrote:
>
> > Anyway, I've already started implementing my proposed solution to
> > that part of the problem. There is still a need for a distributed
> > database to handle the lookup load, though, and one that is not
> > the DNS.
>
> (Delurking)
>
> This suggests the use of LDAP.

I can think of no circumstances where I would voluntarily use LDAP as the solution to any problem of any sort.

In any case, you will note that LDAP does not actually solve the problem statement as I gave it: that is to say, users must be able to join the system without the permission or assistance of systems administrators.

--
Perry E. Metzger pe...@piermont.com
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
On Aug 28, 2013, at 11:18 AM, Dave Horsfall wrote:

> On Wed, 28 Aug 2013, Perry E. Metzger wrote:
>
>> Anyway, I've already started implementing my proposed solution to that
>> part of the problem. There is still a need for a distributed database to
>> handle the lookup load, though, and one that is not the DNS.
>
> (Delurking)
>
> This suggests the use of LDAP.

I don't see that at all. In fact I think that nothing has hurt deployment of PKI more than LDAP.

The problem for the email client is very simple: "What is the key etc. to send email to al...@example.com"

I can solve that very easily with a HTTP lookup or a very short Web Service with JSON query syntax. If LDAP is involved there will be a consultant setting up the directory and building fancy DIT trees and racking up bills of $100,000+ for something that makes no difference to the actual query.

Now if the certs are already in an LDAP directory then fine, let's pull data from that resource. But if they are not in LDAP already there are much easier ways to interface a database of certs to a query interface.
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
On Wed, 28 Aug 2013, Perry E. Metzger wrote:

> Anyway, I've already started implementing my proposed solution to that
> part of the problem. There is still a need for a distributed database to
> handle the lookup load, though, and one that is not the DNS.

(Delurking)

This suggests the use of LDAP.

-- Dave
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
A different take on the problem: Would something built around identity-based encryption help here? It sounds very tempting: My email address (or any other string - say a bitmap of a picture of me) *is* my public key. The problem is that it requires a central server that implicitly has access to my private key. There are some proposals around to work around that (e.g., by constructing the key from a combination of keys from different key generators).

But we could go another route: I can run a key generator on my own hardware. That doesn't quite solve the problem, since you now need a secure way to find my key generator - any generator will happily tell you how to encrypt using leich...@lrw.com to generate the public key, and *it* will have the corresponding private key.

I don't quite see how to make this work, but IBE seems like a primitive that might be helpful, somehow.

-- Jerry
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
This is exactly the problem that Kim Cameron and I tried to solve by developing what we called "call signs." The idea is to compress the hash of the public by solving a puzzle: find the arbitrary "salt" so that the hash of the salt and the public key ends with a large enough number of zeroes. (Or 1, or any arbitrary patterns.) Publish then the "call sign" as a fraction of the hash, say the leading bits, that is short enough to be memorized, or at least written on a napkin.

Of course, you have to verify that N bits of call signs + M zeroes is long enough to provide a strong hash. The birthday paradox tells us that collisions will happen after 2^(N/2) users in the same space. We assumed that the practical length was at most 10 characters, 50 bits, which means collisions would happen after a few million users. We mitigated that by adding a human identifier in the mix, making the call sign something like "Perry.A32-H45Z-ZE0." Now the collisions only happen in the space of "all people named Perry", which is much smaller than "everybody."

Of course, this was a Microsoft project, which Microsoft did not choose to develop. And it was patented...

-----Original Message-----
From: cryptography-bounces+huitema=huitema@metzdowd.com [mailto:cryptography-bounces+huitema=huitema@metzdowd.com] On Behalf Of Perry E. Metzger
Sent: Wednesday, August 28, 2013 5:53 AM
To: Jerry Leichter
Cc: Wendy M. Grossman; cryptography@metzdowd.com
Subject: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)

On Tue, 27 Aug 2013 23:52:23 -0400 Jerry Leichter wrote:
> But none of that matters much any more. "Publication" is usually
> on-line, so contact addresses can be arbitrary links. When we meet
> in person, we can exchange large numbers of bits between our
> smartphones. Hell, even a business card can easily have a QR code
> on the back.

Just as an FYI, this describes exactly zero of the times that I've gotten people's email or jabber addresses in recent years. Very typically people have written them down for me, told them to me over the phone, or the equivalent. I've had to read mine over the phone a fair bit, too.

I wouldn't know how to trust publication online in the first place.

"Perry Metzger's email is "
"How do I know that's true?"
"Because it is encrypted in "
"What if that's a lie? I've never heard Perry utter "
"What, you don't trust me? No dishonest person has a web server!"

If someone tells me they're f...@example.com, and I have a trustworthy way of mapping f...@example.com into a long lived key (see my first message in this sequence of three that triggered this discussion), life is a lot better.

I think this alone is a lot of why X.500 died so fast compared to SMTP -- the addresses were simply untenable, and they were at least in theory human readable.

Anyway, I've already started implementing my proposed solution to that part of the problem. There is still a need for a distributed database to handle the lookup load, though, and one that is not the DNS.

Perry
--
Perry E. Metzger pe...@piermont.com
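Added example, not part of the original thread and not the Microsoft design: a sketch of the call-sign puzzle described in the message above (find a salt so the hash ends in M zero bits, publish the leading N bits). SHA-256, the 8-byte counter salt, the base32 alphabet, the 3-4-3 grouping and carrying the name as an unhashed prefix are all assumptions made here.

```python
import hashlib
import itertools

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # base32 alphabet, 5 bits per character
SIGN_BITS = 50   # N: leading hash bits published as the call sign (10 characters)
ZERO_BITS = 16   # M: trailing zero bits the puzzle demands (small so the demo is fast)


def digest_int(salt: bytes, public_key: bytes) -> int:
    """H(salt || public_key) as a 256-bit integer. SHA-256 is an assumption."""
    return int.from_bytes(hashlib.sha256(salt + public_key).digest(), "big")


def find_salt(public_key: bytes, zero_bits: int = ZERO_BITS) -> bytes:
    """Solve the puzzle: try salts until the hash ends in zero_bits zero bits."""
    mask = (1 << zero_bits) - 1
    for counter in itertools.count():
        salt = counter.to_bytes(8, "big")
        if digest_int(salt, public_key) & mask == 0:
            return salt


def call_sign(name: str, salt: bytes, public_key: bytes) -> str:
    """Encode the leading SIGN_BITS of the hash as NAME.XXX-XXXX-XXX."""
    top = digest_int(salt, public_key) >> (256 - SIGN_BITS)
    chars = "".join(ALPHABET[(top >> shift) & 31]
                    for shift in range(SIGN_BITS - 5, -1, -5))
    return f"{name}.{chars[:3]}-{chars[3:7]}-{chars[7:]}"


def verify(sign: str, salt: bytes, public_key: bytes,
           zero_bits: int = ZERO_BITS) -> bool:
    """Check both halves: the puzzle was solved and the leading bits match."""
    name = sign.split(".", 1)[0]
    solved = digest_int(salt, public_key) & ((1 << zero_bits) - 1) == 0
    return solved and call_sign(name, salt, public_key) == sign


if __name__ == "__main__":
    key = b"constructed demo public key"  # constructed stand-in for real key bytes
    salt = find_salt(key)
    sign = call_sign("Perry", salt, key)
    print(sign, verify(sign, salt, key))
    # Substituting another key under this call sign means matching
    # N + M = 66 hash bits, not only the 50 bits that are written down.
```

The verifier needs the salt and the full public key alongside the call sign; only the short string has to survive the napkin.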
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
On Aug 28, 2013, at 8:52 AM, Perry E. Metzger wrote:

> On Tue, 27 Aug 2013 23:52:23 -0400 Jerry Leichter
> wrote:
>> But none of that matters much any more. "Publication" is usually
>> on-line, so contact addresses can be arbitrary links. When we meet
>> in person, we can exchange large numbers of bits between our
>> smartphones. Hell, even a business card can easily have a QR code
>> on the back.
>
> Just as an FYI, this describes exactly zero of the times that I've
> gotten people's email or jabber addresses in recent years. Very
> typically people have written them down for me, told them to me over
> the phone, or the equivalent. I've had to read mine over the phone a
> fair bit, too.

The apps to make the transfer easy don't exist, so we still use the old mechanisms. Think about the absurdity: You have a high-speed digital connection to someone, and rather than using it to transfer a couple of hundred bits reliably, you encode it ambiguously in an analogue waveform, write it down on a piece of paper, then type that data back in. Yes, it works - but does that sound like a rational way to do things?

> I wouldn't know how to trust publication online in the first
> place.

In exactly the same way you trust paper publications that contain today's style of addresses.

>
> "Perry Metzger's email is "
> "How do I know that's true?"

And exactly how is this different from "Perry Metzger's email is pe...@piermont.com"?

> "Because it is encrypted in "
> "What if that's a lie? I've never heard Perry utter "
> "What, you don't trust me? No dishonest person has a web server!"
>
> If someone tells me they're f...@example.com, and I have a trustworthy
> way of mapping f...@example.com into a long lived key (see my first
> message in this sequence of three that triggered this discussion),
> life is a lot better.

A minority of people have addresses that are easy to remember. Most - by far the majority - have some random-looking set of letters and digits with some part of their first or last name or a nickname embedded somewhere inside at gmail or yahoo or some institution. You can say "Well, if everyone has their own server, then they can pick their own name" - but then you end up with non-memorable domain names.

Frankly, I have trouble remembering the last time I got someone's email address by having them tell it to me. Most addresses come to me these days from LDAP or a similar institutional database; or embedded in a mail message (like one of the ones on this list); or printed somewhere. Since I got a domain name way back when it was actually possible to get three-letter names, I have an address that's reasonably easy to tell people - so I'll often tell them, after they've rattled off something I'll certainly forget within minutes - "write to me at leich...@lrw.com so I'll have your address". :-)

> I think this alone is a lot of why X.500 died
> so fast compared to SMTP -- the addresses were simply untenable, and
> they were at least in theory human readable.

X.500 died because everything it was connected to died. And in the end it never actually got to the point where it solved anyone's problems.

> Anyway, I've already started implementing my proposed solution to
> that part of the problem. There is still a need for a distributed
> database to handle the lookup load, though, and one that is not the
> DNS.

It's perfectly reasonable to have human-name-to-computer-identity maps. It's certainly something I depend on all the time at a local level: Mail.app knows tons of addresses I use, and if all else fails I can, and do, search my previous emails to find someone's address. (That makes for a much more flexible, and useful, person database than any stand-alone database I've seen: I can search based on anything I can remember about the person, such as what he wrote about, when we last corresponded, who else was involved in the conversation.) Large institutions have their own internal databases.

But a global database seems rather pointless to me. There are too many people with similar names. Try using LinkedIn to find someone who you only know a bit about by name. Sometimes it works; sometimes you find ten people who *might* be the person you're looking for.

The whole notion of talking securely to someone who you yourself have no way of specifying uniquely is incoherent. No clever implementation can help.

-- Jerry

> Perry
> --
> Perry E. Metzger pe...@piermont.com
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
> There is still a need for a distributed
> database to handle the lookup load, though, and one that is not the
> DNS.

What do you think of namecoin?

—♯ƒ • François-René ÐVB Rideau •Reflection&Cybernethics• http://fare.tunes.org
Truth comes as conqueror only to those who have lost the art of receiving it as friend. — Tagore
Re: [Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
On Wed, 28 Aug 2013 10:24:43 -0400 Jerry Leichter wrote:
> > I wouldn't know how to trust publication online in the first
> > place.
>
> In exactly the same way you trust paper publications that contain
> today's style of addresses.

But I don't. As I said, I typically get a friend or collaborator's email address from them or from someone else I know. I don't get them from paper publications, or QR codes. Often as not they are literally written on cocktail napkins at conference receptions.

> > "Perry Metzger's email is "
> > "How do I know that's true?"
> And exactly how is this different from "Perry Metzger's email is
> pe...@piermont.com"?

If you meet me and I say it to you, I'm probably reasonably correct about it. If you ask a mutual friend what it is (possibly by email), they're probably reasonably correct.

> A minority of people have addresses that are easy to remember.

That's not true, actually. I know because I make a habit of not using an address book in my mail program. In any case, "easy to remember" isn't the issue, "easy to scribble down accurately" is.

> Most - by far the majority - have some random-looking set of
> letters and digits with some part of their first or last name or a
> nickname embedded somewhere inside at gmail or yahoo or some
> institution.

So, I just did a check. I have a file with all the addresses I care about in it (I manually cut and paste them into email when I want to.) It has 625 addresses in it. Of those, 47 have digits in them. I note that the vast majority of those are addresses of people at Columbia University, which has a particularly bad naming system but where I have a lot of correspondents. Of the rest, the majority are things like "m...@example.com", or "joe.exam...@gmail.com" -- easy to write on a cocktail napkin.

I note exactly none of the addresses contain 10 digits of base 64. Even the numeric ones are things like "jrn26" for someone with those initials, which is pretty easy to scribble down.

> Frankly, I have trouble remembering the last time I got someone's
> email address by having them tell it to me.

For me, it was Monday, over the phone.

Anyway, we both have our opinions here, I'm sure we're not going to come to a single agreement. I'm implementing something based on my hunches, I invite others to do the same. Let a thousand flowers bloom...

Perry
--
Perry E. Metzger pe...@piermont.com