[Cryptography] How to build trust in crypto (was:recommending ChaCha20 instead of RC4)
Ralf Senderek
crypto at senderek.ie
Tue Mar 18 13:26:47 EDT 2014
On Tue, 18 Mar 2014 14:09:32 Guido Witmond wrote:
> both end-points [...] have a secure channel but neither party, nor
> the site, learns anything else about the other.
> Not even IP-addresses when using Tor.
Certainly this is no foundation for trusted communication.
> Indeed, on the internet, nobody knows you're a dog. At least, give me
> the tools to get back to the same dog I met last time. I believe that to
> be a requirement in Ralf's challenge.
Not at all, if I wished to have a secure channel to Bruce Schneier and
I use key the key from his web site, I'd want that the one who is
reading my encrypted messages is exactly the one that creates all
the stuff that I get on the 15th day of the month. And I'd want that only
this one person can decrypt and that this is done in a secure environment
which does not expose my messages to others. Short of that I wouldn't call
this a trusted communication, because the reason I'd start the contact is
my belief that - given all the context I know about Bruce - this endpoint
decryptor will actually respond to the content of my message in a way I
can predict to be what I want it to be. And (please) let me call this
trust.
--ralf
More information about the cryptography
mailing list