[Cryptography] Business opportunities in crypto
Kent Borg
kentborg at borg.org
Fri Apr 16 11:38:57 EDT 2021
On 4/16/21 7:08 AM, Henry Baker wrote:
> Re: In wifi terms it sounds like a temporary SSID that is communicated
> out-of-band.
> This is precisely what I'd like to avoid.
>
> If I have a point2point connection within my house, there should be no 'SSID' -- temporary or not -- broadcast that is 'visible' outside the house.
If you are doing this on wifi, assume /something/ is receivable outside
the house. Whether it is visible as an arbitrary SID
("orange-couple-sonic", "inside-mustang-iris"…) or is invisible—until
some sniffer software is updated to display a description of observed
point2point connections—seems a fine point: Radio signals /will/ be
observable.
Which makes me again wonder what problem is being solved. What are use
cases? There will be a lot of traffic analysis risks, do you really hope
to hide that a rendezvous has happened at all? (That's hard.) What do
you expect to be learnable and what not?
And what do we mean by "anonymous rendezvous"? Certainly not an
assignation with a randomly chosen corespondent, there has to be some
identity established out-of-band, plus an expectation that a rendezvous
will take place in some time window at all ("now"?) and in some
geographical location ("here"?).
Is this two people near to each other and they say:
Alice: "Let me transfer the file. <click, click> I've got rendezvous
'police-papa-flag'."
Bob: "Yes, I see it. <click, click> 'madonna-noise-martin'?"
Alice: "Yes. <click>"
Bob: "'proposal3.pdf'?"
Alice: "That's it."
Bob: "Got it. Thanks! <click, click>"
Alice: "<click, click>
Ignore fine details of protocol implications, maybe there are QR codes
used, my point is there is an enormous amount out-of-band communications
in the above. Including a "here" and a "now".
That is one use case. It is a rendezvous, it has anonymous aspects. An
external observer will likely be able to know the transaction happened,
know how long the connection was alive, estimate that a single file was
transferred and make a reasonable guess as to the file size. Add some
fingerprinting of the RF signal (remember, radios are analog devices)
and the observer can probably know they are the same two devices as an
earlier connection, and maybe the device that initiated the connection
is reversed from last time, when maybe Bob sent proposal2.pdf to Alice.
But "anonymous rendezvous" could mean something rather different. Maybe
Alice and Bob's computers have been configured together and are always
trying to rendezvous and automatically connect when they can, with
queued data automatically send when a connection is established. Very
different use case that solves different problems. It is also a
rendezvous, it has anonymous aspects. It will also be very observable.
What do you expect to be learnable and what not?
Neither is a pure "anonymous rendezvous", but such a thing sounds like
an oxymoron, so what do we mean?
-kb, the Kent who wonders the practical reasons why Alice and Bob are
bothering with any of this spy stuff at all, and why they aren't just
using the network connections they already have and a service like Dropbox.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210416/916d46dc/attachment.htm>
More information about the cryptography
mailing list