[Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)

Jerry Leichter leichter at lrw.com
Wed Aug 28 10:24:43 EDT 2013 

On Aug 28, 2013, at 8:52 AM, Perry E. Metzger wrote:

> On Tue, 27 Aug 2013 23:52:23 -0400 Jerry Leichter <leichter at lrw.com>
> wrote:
>> But none of that matters much any more.  "Publication" is usually
>> on-line, so contact addresses can be arbitrary links.  When we meet
>> in person, we can exchange large numbers of bits between our
>> smartphones.  Hell, even a business card can easily have a QR code
>> on the back.
> 
> Just as an FYI, this describes exactly zero of the times that I've
> gotten people's email or jabber addresses in recent years. Very
> typically people have written them down for me, told them to me over
> the phone, or the equivalent. I've had to read mine over the phone a
> fair bit, too.
The apps to make the transfer easy don't exist, so we still use the old mechanisms.  Think about the absurdity:  You have a high-speed digital connection to someone, and rather than using it to transfer a couple of hundred bits reliably, you encode it ambiguously in an analogue waveform, write it down on a piece of paper, then type that data back in.  Yes, it works - but does that sound like a rational way to do things?

> I wouldn't know how to trust publication online in the first
> place.
In exactly the same way you trust paper publications that contain today's style of addresses.

> 
> "Perry Metzger's email is <big string>"
> "How do I know that's true?"
And exactly how is this different from "Perry Metzger's email is perry at piermont.com"?

> "Because it is encrypted in <big string>"
> "What if that's a lie? I've never heard Perry utter <big string>"
> "What, you don't trust me? No dishonest person has a web server!"
> 
> If someone tells me they're foo at example.com, and I have a trustworthy
> way of mapping foo at example.com into a long lived key (see my first
> message in this sequence of three that triggered this discussion),
> life is a lot better.
A minority of people have addresses that are easy to remember.  Most - by far the majority - have some random-looking set of letters and digits with some part of their first or last name or a nickname embedded somewhere inside at gmail or yahoo or some institution.  You can say "Well, if everyone has their own server, then they can pick their own name" - but then you end up with non-memorable domain names.

Frankly, I have trouble remembering the last time I got someone's email address by having them tell it to me.  Most addresses come to me these days from LDAP or a similar institutional database; or embedded in a mail message (like one of the ones on this list); or printed somewhere.  Since I got a domain name way back when it was actually possible to get three-letter names, I have an address that's reasonably easy to tell people - so I'll often tell them, after they've rattled off something I'll certainly forget within minutes - "write to me at leichter at lrw.com so I'll have your address".  :-)
 
> I think this alone is a lot of why X.500 died
> so fast compared to SMTP -- the addresses were simply untenable, and
> they were at least in theory human readable.
X.500 died because everything it was connected to died.  And in the end it never actually got to the point where it solved anyone's problems.

> Anyway, I've already started implementing my proposed solution to
> that part of the problem. There is still a need for a distributed
> database to handle the lookup load, though, and one that is not the
> DNS.
It's perfectly reasonable to have human-name-to-computer-identity maps.  It's certainly something I depend on all the time at a local level:  Mail.app knows tons of addresses I use, and if all else fails I can, and do, search my previous email's to find someone's address.  (That makes for a much more flexible, and useful, person database than any stand-alone database I've seen:  I can search based on anything I can remember about the person, such as what he wrote about, when we last corresponded, who else was involved in the conversation.)  Large institutions have their own internal databases.  But a global database seems rather pointless to me.  There are too many people with similar names.  Try using LinkedIn to find someone who you only know a bit about by name.  Sometimes it works; sometimes you find ten people who *might* be the person you're looking for.

The whole notion of talking securely to someone who you yourself have no way of specifying uniquely is incoherent.  No clever implementation can help.

                                                        -- Jerry


> Perry
> -- 
> Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list