[Cryptography] Introducing strangers. Was: Thoughts about keys

Guido Witmond guido at witmond.nl
Wed Sep 11 13:32:04 EDT 2013


On 09/11/13 10:43, Eugen Leitl wrote:
> On Tue, Sep 10, 2013 at 09:01:49PM +0200, Guido Witmond wrote:
> 
>> My scheme does the opposite. It allows *total strangers* to
>> exchange keys securely over the internet.
> 
> With a FOAF routing scheme with just 3 degrees of separation there
> are not that many strangers left.

How do you meet people outside your circle of friends?

How do you stay anonymous? With FOAF, you have a single identity for it
to work. I offer people many different identities. But all of them are
protected, and all communication encrypted.

That's what my protocol addresses. To introduce new people to one
another, securely. You might not know the person but you are sure that
your private message is encrypted and can only be read by that person.

Of course, as it's a stranger, you don't trust them with your secrets.

For example, to let people from this mailing list send encrypted mail to
each other, without worrying about the keys. The protocol has already
taken care of that. No fingerprint checking. No web of trust validation.


> If you add opportunistic encryption at a low transport layer, plus
> additional layers on top, you've protected the bulk of traffic.

I don't just want to encrypt the bulk, I want to encrypt everything, all
the time. It makes Tor traffic much more hidden.


There is more:

The local CA (one for each website) signs both the server and client
certificates. The client only identifies itself to the server after it
has recognized the server certificate. This blocks phishing attempts to
web sites (only a small TOFU risk remains). And that can be mitigated
with a proper dose of Certificate Transparency.

Kind regards, Guido Witmond,


Please see the site for more details:
	http://eccentric-authentication.org/
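
Added example, not part of the original post and not code from the Eccentric Authentication project: a sketch of the client-side rule described in the message above, where a client certificate is released only to a server whose certificate chains to the site CA pinned on first contact. The hostname-keyed pin store, the SHA-256 fingerprint, the `chain_ok` flag (standing in for the TLS library's chain check) and all names and sample bytes are assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum

class Action(Enum):
    PRESENT_IDENTITY = "present client certificate"
    PIN_ONLY = "first contact: pin site CA, stay anonymous"
    REFUSE = "abort: server not signed by the pinned site CA"

def ca_fingerprint(ca_der: bytes) -> str:
    """SHA-256 over the DER bytes of the site's local CA certificate."""
    return hashlib.sha256(ca_der).hexdigest()

@dataclass
class ClientStore:
    # hostname -> fingerprint of the site CA seen on first contact (TOFU)
    pins: dict = field(default_factory=dict)
    # CA fingerprint -> identities (client certificates) that CA signed for us
    identities: dict = field(default_factory=dict)

    def enroll(self, ca_der: bytes, nickname: str) -> None:
        """Record an identity (hypothetical label) signed by this site's CA."""
        self.identities.setdefault(ca_fingerprint(ca_der), []).append(nickname)

    def decide(self, host: str, ca_der: bytes, chain_ok: bool):
        """Return (Action, identities to offer) for a handshake with host."""
        fp = ca_fingerprint(ca_der)
        if not chain_ok:                  # server cert does not chain to ca_der
            return Action.REFUSE, []
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp          # the small TOFU window
            return Action.PIN_ONLY, []
        if pinned != fp:
            return Action.REFUSE, []      # CA changed: nothing is revealed
        return Action.PRESENT_IDENTITY, list(self.identities.get(fp, []))

# Constructed placeholder bytes standing in for DER-encoded CA certificates.
SITE_CA = b"constructed-der-of-shop.example-local-ca"
PHISH_CA = b"constructed-der-of-some-other-ca"

def demo():
    store = ClientStore()
    first = store.decide("shop.example", SITE_CA, True)[0]
    store.enroll(SITE_CA, "anon-buyer-1")
    again = store.decide("shop.example", SITE_CA, True)
    swapped = store.decide("shop.example", PHISH_CA, True)[0]
    lookalike = store.decide("sh0p.example", PHISH_CA, True)
    return first, again, swapped, lookalike
```

In this model the lookalike host is treated as a brand-new site: it gets a fresh pin and no existing identity, which is the remaining TOFU exposure the message mentions.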

