----- Forwarded message from Phillip Hallam-Baker wrote: Op 19 sep. 2013, om 19:15 heeft Phillip Hallam-Baker Let us say I want to send an email to alice@example.com securely.
...
ppid:alice@example.com:example.net:
Syd6BMXje5DLqHhYSpQswhPcvDXj+8rK9LaonAfcNWM
...
example.net is a server which will resolve the reference by means of a
simple HTTP query using the pattern http://<host>/.well-known/ppid/<hash>
"Syd...NWM" is the Base64 hash of OID-SHA256 + SHA256(X)
..
So to use this as a mechanism for ghetto key distribution receivers
would add the URI into their account. Or let their PKI discovery agent do
it for them. We've been experimenting with much the same. With two twists. Basic
principle is the same. We use: - <namespace>:<id> as to keep it short. ID is currently a <sha1>; namespace is a 2-3 char
identifier. We then construct with this a 'hardcoded' zone name: <namespace>.fqdn-in-some-tld. which is to have a (signed) entry for in DNS: <id>.<ns>.<namespace>.fqdn-in-some-tld. which is in fact a first-come, first-served secure dynamic dns updatable
zone containing the public key. Which once created allows only updating to those (still) having the
private key of the public key that signed the initial claim of that <id>. Interesting, though I suspect this is attempting to meet different trust
requirements than I am.
A couple of days ago I spoke with someone well known here who has seen the
Snowden files. His take was that when the NSA has a choice of doing A or B
it always does both.
I think we need to adopt the same approach but in a way that lets all the
various approaches work together. It should not be necessary for me to
install five plug ins into Thunderbird to support five different flavors of
researchy trust infrastructure.
A better approach is to have one plug-in, or better native support for a
connector to a Web Service that can then perform all the researchy trust
infrastructure navigation on my behalf. The Web service can be shared
between users and when there is a new researchy trust infrastructure
proposed, all that is necessary to add it into the mix is to extend the Web
Service and everyone using it can try out the new scheme and see if it is
practical.
This approach does introduce the risk that the web service might be
compromised. Particularly if the client is unable to perform at least some
degree of local validation on the keys. But the long term expectation would
be that support for trust infrastructures that prove to be stable, widely
used, and effective will eventually migrate into the client.
At this point the experimental research question should be 'is this trust
infrastructure practical'. We can get a very good idea of the security
properties of the system by looking at how people use it and doing math.
--
Website: http://hallambaker.com/
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5