[Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)
Perry E. Metzger
perry at piermont.com
Wed Aug 28 08:52:47 EDT 2013
On Tue, 27 Aug 2013 23:52:23 -0400 Jerry Leichter <leichter at lrw.com>
wrote:
> But none of that matters much any more. "Publication" is usually
> on-line, so contact addresses can be arbitrary links. When we meet
> in person, we can exchange large numbers of bits between our
> smartphones. Hell, even a business card can easily have a QR code
> on the back.
Just as an FYI, this describes exactly zero of the times that I've
gotten people's email or jabber addresses in recent years. Very
typically people have written them down for me, told them to me over
the phone, or the equivalent. I've had to read mine over the phone a
fair bit, too.
I wouldn't know how to trust publication online in the first
place.
"Perry Metzger's email is <big string>"
"How do I know that's true?"
"Because it is encrypted in <big string>"
"What if that's a lie? I've never heard Perry utter <big string>"
"What, you don't trust me? No dishonest person has a web server!"
If someone tells me they're foo at example.com, and I have a trustworthy
way of mapping foo at example.com into a long lived key (see my first
message in this sequence of three that triggered this discussion),
life is a lot better. I think this alone is a lot of why X.500 died
so fast compared to SMTP -- the addresses were simply untenable, and
they were at least in theory human readable.
Anyway, I've already started implementing my proposed solution to
that part of the problem. There is still a need for a distributed
database to handle the lookup load, though, and one that is not the
DNS.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list