[Cryptography] OpenPGP and trust

[Natanael]

On Sun, Mar 30, 2014 at 8:44 AM, Stuart Longland
<stuartl at longlandclan.yi.org> wrote:
> On Sat, 29 Mar 2014 19:22:54 -0700, Watson Ladd wrote:
>
>> On Sat, Mar 29, 2014 at 6:57 PM, Dave Horsfall <dave at horsfall.org>
>> wrote:
>>> Naturally I changed the key every so often, because the idiots regarded
>>> it as a challenge to decrypt my commands (I'd quickly learned to avoid
>>> replay attacks by using some sort of a rolling-key scheme), but strong
>>> crypto was, and still is, a definite no-no.
>
> Indeed, this is one exact scenario I'm thinking of.  In my case, proving
> I'm "VK4MSL" to an automatic station (regardless of the medium; it could
> equally be the Internet or a radio link), and thus allowing the station
> to make a decision as to, based on my alleged identity, grant me
> particular privileges.
>

[...]

> The other thing I want to remove, is reliance on a central system, where
> it be Logbook Of The World, QRZ.com, HamQTH.com, or having to verify
> yourself again and again (e.g. EchoLink require you to email them a scan
> of your license).
>
> (The irony that I'm trying to remedy the situation of multiple databases
> by effectively creating another is not lost on me.  The thing I'm *not*
> doing, is creating another *centralised* database.)

[...]

> I'm just looking at ways of using existing technology to try and
> implement this idea.  I take the discussion here, rather than to an
> amateur radio list/forum/newsgroup, because people here won't go "You're
> using encryption!! Boo! Hiss!".  (And there are people who don't
> understand the difference between things like "encryption" and
> "encoding", who would make such judgements.)

Secure decentralized authentication? Sounds like Namecoin. It uses a
fork of the Bitcoin protocol to let you register a name and keypair
(and domain name + IP address, etc...) in it's blockchain. Solves
Zooko's triangle (global uniqueness / decentralized / memorable) the
same way Bitcoin does, through the use of proof-of-work to achieve
global concensus and essentially simulate a central entity.

It offers you continuity (unless a user let their registration expire
(which you can look up), you can know that a username still belongs to
the same entity), and if you tell people your exact nickname in person
then they can always look that up in the Namecoin blockchain to see
what keypair you currently have registered. Unfortunately the lack of
a central entity means there's no conflict resolution, first come
first serve is the rule, so if somebody else register your callsign
before you then all you can do is to ask them to transfer it or
register another variant and tell people to use that one (unless you
can identify the person, and the countries involved have strict laws
against impersonation and can force the person to do a transfer).

The quickest way to get started is with the web-based client at
https://onename.io/