[Cryptography] Specification: Prism Proof Email

[Bill Frantz]

On 9/20/13 at 11:59 AM, hallam at gmail.com (Phillip Hallam-Baker) wrote:

>As someone who has seen the documents said to me this week, given a choice
>between A and B, the NSA does both. We have to do the same. Rather than
>have a pointless argument about whether Web 'o Trust or PKIX is the way to
>go, let everyone do both. Let people get a certificate from a CA and then
>get it endorsed by their peers: belt and braces.

This approach certainly meets my requirements. As a UI 
designer/user I want it to JFW (Just ... Work) invisibly under 
the covers. As a boarder-line paranoid, I want a indicator of 
which methods passed. :-)

Let's add to the list of methods the SSH method of, "The same 
key used the last time".

I assume users of the CA method would register with the CA in 
some maner which would probably cost money. (How the CA 
separates me from Bill Frantz, the professional photographer in 
Illinois is not going to be cheap.) I understand there is still 
a trademark dispute between the US beer Budwiser and the German 
beer of the same name.

In the WoT case, having your key fingerprint written on a QR 
code is a neat hack. Put it on the back of your business card[1].

I think CAs will be most useful for businesses while WoT will be 
most useful for individuals. Everyone will be more comfortable 
when the SSH test passes.

Cheers - Bill

[1] Back in days of yore, I needed to send some company private 
data to my home computer. I didn't have the fingerprint of my 
key at work, but I did have Carl Ellison's business card with 
the fingerprint of his key. He had signed my key which was 
available on a key server, so I had good enough reason to trust 
that the key was actually mine.

-----------------------------------------------------------------------
Bill Frantz        | Since the IBM Selectric, keyboards have gotten
408-356-8506       | steadily worse. Now we have touchscreen keyboards.
www.pwpconsult.com | Can we make something even worse?