[Cryptography] Business opportunities in crypto

Kent Borg kentborg at borg.org
Fri Apr 16 11:38:57 EDT 2021


On 4/16/21 7:08 AM, Henry Baker wrote:
> Re: In wifi terms it sounds like a temporary SSID that is communicated 
> out-of-band.
> This is precisely what I'd like to avoid.
>
> If I have a point2point connection within my house, there should be no 'SSID' -- temporary or not -- broadcast that is 'visible' outside the house.

If you are doing this on wifi, assume /something/ is receivable outside 
the house. Whether it is visible as an arbitrary SID 
("orange-couple-sonic", "inside-mustang-iris"…) or is invisible—until 
some sniffer software is updated to display a description of observed 
point2point connections—seems a fine point: Radio signals /will/ be 
observable.

Which makes me again wonder what problem is being solved. What are use 
cases? There will be a lot of traffic analysis risks, do you really hope 
to hide that a rendezvous has happened at all? (That's hard.) What do 
you expect to be learnable and what not?

And what do we mean by "anonymous rendezvous"? Certainly not an 
assignation with a randomly chosen corespondent, there has to be some 
identity established out-of-band, plus an expectation that a rendezvous 
will take place in some time window at all ("now"?) and in some 
geographical location ("here"?).

Is this two people near to each other and they say:

   Alice: "Let me transfer the file. <click, click> I've got rendezvous 
'police-papa-flag'."

   Bob: "Yes, I see it. <click, click> 'madonna-noise-martin'?"

   Alice: "Yes. <click>"

   Bob: "'proposal3.pdf'?"

   Alice: "That's it."

   Bob: "Got it. Thanks! <click, click>"

   Alice: "<click, click>

Ignore fine details of protocol implications, maybe there are QR codes 
used, my point is there is an enormous amount out-of-band communications 
in the above. Including a "here" and a "now".

That is one use case. It is a rendezvous, it has anonymous aspects. An 
external observer will likely be able to know the transaction happened, 
know how long the connection was alive, estimate that a single file was 
transferred and make a reasonable guess as to the file size. Add some 
fingerprinting of the RF signal (remember, radios are analog devices) 
and the observer can probably know they are the same two devices as an 
earlier connection, and maybe the device that initiated the connection 
is reversed from last time, when maybe Bob sent proposal2.pdf to Alice.

But "anonymous rendezvous" could mean something rather different. Maybe 
Alice and Bob's computers have been configured together and are always 
trying to rendezvous and automatically connect when they can, with 
queued data automatically send when a connection is established. Very 
different use case that solves different problems. It is also a 
rendezvous, it has anonymous aspects. It will also be very observable. 
What do you expect to be learnable and what not?

Neither is a pure "anonymous rendezvous", but such a thing sounds like 
an oxymoron, so what do we mean?


-kb, the Kent who wonders the practical reasons why Alice and Bob are 
bothering with any of this spy stuff at all, and why they aren't just 
using the network connections they already have and a service like Dropbox.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210416/916d46dc/attachment.htm>


More information about the cryptography mailing list