[Cryptography] The CryptoWars restart.

Sat Jun 29 12:24:50 EDT 2019

Forbes confirms yesterday's story in Politico:

https://www.forbes.com/sites/zakdoffman/2019/06/29/u-s-may-outlaw-uncrackable-end-to-end-encrypted-messaging-report-claims/?fbclid=IwAR3q67Uq-1ejc6mmK9CpCgxX_h6Qhm56Jp59GRprAf548g4IpjzHcwHx6YU#4cebbcb66c87

It is clearly too soon to panic. But I must admit that I have been
expecting this to happen and planning for it.

Signal, WhatsApp etc. are all fine but they are all designed as secure
networks with a single service provider. Sure, other folk can use their
code but you can't contact anyone on a different service, you can't run
your own service.

Any single point of failure is a potential point of coercion.

Following John Gilmore's criticism of an earlier version of the Mesh for
requiring use of a service provider, here is my attempt at a solution.

The Mesh is separated into two major parts, a personal part and a service
part.

The personal part of the Mesh comprises device and account management.
These are coded in a way that means that user's don't need to use any
network service at all. So if Alice joins here laptop and mobile device to
her Mesh, they stay connected even if she changes her Mesh Service provider
or disconnects from service providers entirely.

Alice can create as many accounts as she likes as part of her Mesh. So she
can have accounts for personal, business, etc. I have re-engineered the
system so that Alice can choose to advertise that an account is connected
to her personal Mesh or not.

The second part of the Mesh is the service layers and these are messages
exchanged between devices Alice has connected to her Mesh and messages from
external parties. The second case requires us to consider access control to
mitigate abuse of course.

Unlike with traditional Internet protocols, accounts are not owned by
service providers, they are owned by the user. This means that if Alice
changes her Mesh service provider from alice at example.com to
alice at example.net, the process is as seamless as it could possibly be. All
Alice's prior contacts can update their contact catalogs to use her new
address. If the old service provider is willing, it can provide forwarding
but Alice's contacts all have the fingerprint of her account or her Mesh
and can get her new (authenticated by digital signature) contact info from
a public directory.

With the Mesh, users can change their service provider at any time without
switching costs. They can even run their own service. Thus, the potential
for coercion is minimized.

Admittedly, running a Mesh without any Mesh Service whatsoever is going to
severely limit functionality and convenience. It is really difficult to
provide an easy means of connecting new devices without either a direct
connection between the devices or some sort of postbox capability to serve
as a staging post for messages. But this might well be something you could
tolerate if you were using Mesh Messaging within an IoT cluster or a robot
with multiple systems.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190629/6fa32914/attachment.html>