[Cryptography] How to build trust in crypto (was: recommending ChaCha20 instead of RC4)

Guido Witmond guido at witmond.nl
Mon Mar 17 08:58:39 EDT 2014


Hi Natanael,

On 03/17/14 11:40, Natanael wrote:
> 2014-03-17 0:42 GMT+01:00 Guido Witmond <guido at witmond.nl>:
>> On 03/16/14 15:57, Ralf Senderek wrote:
>> 
>>> The challenge is this:
>>> 
>>> "Show me the whole practical process anyone on this planet can 
>>> use to have a secure online communication with someone else."
>> 
>> Ralf, I'll pick up the gauntlet. I think I've come up with a
>> worthy contestant to your challenge.
>> 
>> Not only, I'll show how someone can have a secure online 
>> communication with someone else. I'll create a secure channel 
>> between two people who have never met before.
>> 
>> Here's how: [...] F. One more thing to do: verify that the CN of 
>> the other party is unique at the global registry. It makes sure 
>> there is no Man-in-the-Middle, making the CN truly a substitute key
>> for the pubkey.
> 
> What if it never is unique?

The eccentric-authentication protocol requires nicknames to be unique
for each site.

That requirement is what makes the CN a human memorable identifier. A
substitute for the true identity, the public key.

Only the site's own Client Certificate Signer can sign certificates for
the site, so it is responsible not to sign the same name twice.

The registry is there to validate that the site's Signer adheres to that.

The registry verifies that a certificate is signed by a subCA of the
Root that is specified in the DNSSEC/DANE entry for the site.

The site's Root CA public key is the *identity* of the site. DANE is
used to give it a human memorable name. DNSSEC is used to make it
verifiably unique. (Again, with help from the registry).

This is how Eccentric-authentication squares Zooko's triangle.

> Also, Namecoin can do pretty much the same thing that your series of 
> steps there does. It's based on the Bitcoin blockchain tech, but 
> instead of simply just being a currency you can register both domain 
> names and public keys and a variety of other data in it. So there the
> steps are to acquire some NMC (it's currency that you need to 
> register things) and spend it to register your public key with your 
> name. Then people can look for each other by name in the blockchain.
>  It still has the same problem, what if the name isn't unique enough?
>  If you don't know *exactly* what it should be, then you don't know 
> who you're talking to.

Namecoin has a cost, so people would not easily want to create throwaway
names.

In a different thread [1] on this list, I just wrote a use case about
two Ugandan gays who want to meet without their government finding out.
They mustn't be tempted to keep their keys or reuse identities. Nor
should there be any trace back to their Namecoin or Bitcoin address.

In the future, Namecoin might be used as a replacement for DNS, DNSSEC
and DANE in the eccentric-authentication protocol. That needs support at
the TLS-connection level to look up the data in the Namecoin chain
instead of DNS.

With Regards,

Guido Witmond.

1: Client certificates as a defense against MITM attacks. At 12:52 UTC+1
(Amsterdam time), waiting for approval...
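[Editor's note: the following is an added worked example, not code from Guido or from the eccentric-authentication project. It models, with Ed25519 keys standing in for X.509 certificates and a Go map standing in for the DNSSEC-signed DANE/TLSA record, the two checks the message describes: the registry verifies that a client certificate chains to the Root CA key published for the site via DANE through the site's own Client Certificate Signer, and it refuses to see the same CN under one site bound to two different public keys. The site name "example.org", the nicknames "alice" and "bob", and the registry's internal structure are assumptions made for the example.]

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is a minimal stand-in for an X.509 client certificate: the site the
// nickname is scoped to, the nickname (CN), the holder's public key (the real
// identity) and the issuer's signature over those three fields.
type Cert struct {
	Site      string
	CN        string
	PubKey    ed25519.PublicKey
	Signature []byte
}

// tbs is the "to be signed" encoding; NUL separators keep fields from merging.
func (c *Cert) tbs() []byte {
	return []byte(c.Site + "\x00" + c.CN + "\x00" + string(c.PubKey))
}

// issue signs a certificate for (site, cn, pub) with the issuer's private key.
func issue(issuer ed25519.PrivateKey, site, cn string, pub ed25519.PublicKey) *Cert {
	c := &Cert{Site: site, CN: cn, PubKey: pub}
	c.Signature = ed25519.Sign(issuer, c.tbs())
	return c
}

// DANE stands in for the DNSSEC-signed TLSA record: site name -> Root CA key.
type DANE map[string]ed25519.PublicKey

// Registry re-checks certificates against DANE and enforces that, per site,
// a CN maps to exactly one public key (assumed registry design, see lead-in).
type Registry struct {
	dane DANE
	seen map[string]ed25519.PublicKey // "site/cn" -> public key first seen
}

func NewRegistry(d DANE) *Registry {
	return &Registry{dane: d, seen: map[string]ed25519.PublicKey{}}
}

var (
	ErrBadChain  = errors.New("certificate does not chain to the site's DANE root")
	ErrDuplicate = errors.New("CN already registered under a different public key")
)

// Submit checks that subCA is signed by the site's DANE root, that client is
// signed by subCA, and that the CN has not been bound to another key before.
func (r *Registry) Submit(subCA, client *Cert) error {
	root, ok := r.dane[client.Site]
	if !ok || subCA.Site != client.Site {
		return ErrBadChain
	}
	if !ed25519.Verify(root, subCA.tbs(), subCA.Signature) {
		return ErrBadChain
	}
	if !ed25519.Verify(subCA.PubKey, client.tbs(), client.Signature) {
		return ErrBadChain
	}
	key := client.Site + "/" + client.CN
	if prev, exists := r.seen[key]; exists && !bytes.Equal(prev, client.PubKey) {
		return ErrDuplicate // the site's Signer signed the same name twice
	}
	r.seen[key] = client.PubKey
	return nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Scenario runs three submissions against one registry: Alice's legitimate
// cert, an impostor reusing Alice's CN with a different key, and a cert
// chained to a root that is not the one published in DANE (a MitM's CA).
func Scenario() (alice, impostor, rogueRoot error) {
	rootPub, rootPriv := mustKey() // the site's Root CA: its identity
	subPub, subPriv := mustKey()   // the site's Client Certificate Signer
	reg := NewRegistry(DANE{"example.org": rootPub})
	subCA := issue(rootPriv, "example.org", "signer", subPub)

	alicePub, _ := mustKey()
	alice = reg.Submit(subCA, issue(subPriv, "example.org", "alice", alicePub))

	evePub, _ := mustKey()
	impostor = reg.Submit(subCA, issue(subPriv, "example.org", "alice", evePub))

	_, fakeRootPriv := mustKey()
	fakeSubPub, fakeSubPriv := mustKey()
	fakeSubCA := issue(fakeRootPriv, "example.org", "signer", fakeSubPub)
	rogueRoot = reg.Submit(fakeSubCA, issue(fakeSubPriv, "example.org", "bob", evePub))
	return
}

func main() {
	a, i, r := Scenario()
	fmt.Println("alice:", a, "| impostor:", i, "| rogue root:", r)
}
```

Running it registers Alice, rejects the impostor with ErrDuplicate (the registry catching a Signer that broke the one-name-one-key rule), and rejects the certificate from the rogue root with ErrBadChain (the key in DANE, not the CN, is what anchors trust).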

