[Cryptography] Anonymous rendezvous (was Business opportunities in crypto)
Richard Outerbridge
outer at interlog.com
Sun Apr 18 14:34:30 EDT 2021
Inline. Lots of cuts.
> On 2021-04-17 (107), at 14:23:14, Jerry Leichter <leichter at lrw.com> wrote:
>
>>> Look, we all know how this kind of thing works in practice; we've done it forever, without any cryptography. The reason I bring this up is the long-standing false claim that public-key cryptography allows two parties who've never interacted previously to talk securely to each other, without any other parties being involved. But it doesn't work like that - it *can't* work like that - in any meaningful sense.
>>
>> I have no idea if I agree with you or not, but I feel compelled to comment.
>>
>> I'm going to assert that it both *can* and *does* work that way, but I'm going to take the very same argument you make....
> I think we agree on the underlying reality, but disagree on its implications.
>
> There's a viewpoint one runs into with discussions of cryptography: We want to use it to support systems that (a) are "strongly distributed" - "strongly" because we want to assume *no* connections between participants except those explicitly desired; (b) no trusted third parties.
That’s two 2 viewpoints :)
> It's from (a) that we get the whole notion of anonymous rendezvous: Any two parties can engage in trusted communication of a set of messages with each other without any communication outside of those messages. What I contend - and I believe you agree - is that requirement cannot be met.
[ …. ]
> … but it's not in any meaningful sense of a rendezvous, which I [think? sic] [i]mplies a meeting with *with some particular person*.
And iff for a particular purpose, presumably.
> We in the crypto community are often careless in describing things outside of our own circles - and often even with each other.
[ …. ]
> … you see that there are really only two alternatives: Either Alice has already met "that Bob" and has some non-public information
> about him that lets her identify him; or the two of them trust some third party to provide them with such information.
As in PGP BoaF key signing parties @conferences? Or published dead-tree phonebooks? Got the T-shirt.
> So ... which of the two requirements of the assumed model of the kind of systems that some cryptos dream of do you want to give up?
>
> Personally, I'm willing to - and do - give up *either* depending on circumstances.
[ …. ]
> Most of my communications are with people I've actually met. [ …. ]
> I also have communications with "people" who, if I'm honest, aren't really "people": [ …. ]
>
> Finally, there will be people or institutions who I need to communicate with but with whom I have no prior contact. [ …. ]
That’s Fiat trust. By Command (& control) or Circumstance (hope, need, desperation, &tc.).
> Cryptography gives us a huge amount of power, but not everything can be solved with cryptographic protocols.
> We make a serious mistake when we imply, or simply let others infer, otherwise.
>
> — Jerry
Once I was approached by a VP who had had just had an epiphany. ”The cryptography is the easy part!” he exclaimed
excitedly. ”The key management is what kills you!” he continued, having had just realised.
__outer
More information about the cryptography
mailing list