[Cryptography] Anonymous rendezvous (was Business opportunities in crypto)

Richard Outerbridge outer at interlog.com
Sun Apr 18 14:34:30 EDT 2021 

Inline.  Lots of cuts.

> On 2021-04-17 (107), at 14:23:14, Jerry Leichter <leichter at lrw.com> wrote:
> 
>>> Look, we all know how this kind of thing works in practice; we've done it forever, without any cryptography.  The reason I bring this up is the long-standing false claim that public-key cryptography allows two parties who've never interacted previously to talk securely to each other, without any other parties being involved.  But it doesn't work like that - it *can't* work like that - in any meaningful sense.
>> 
>> I have no idea if I agree with you or not, but I feel compelled to comment.
>> 
>> I'm going to assert that it both *can* and *does* work that way, but I'm going to take the very same argument you make....
> I think we agree on the underlying reality, but disagree on its implications.
> 
> There's a viewpoint one runs into with discussions of cryptography:  We want to use it to support systems that (a) are "strongly distributed" - "strongly" because we want to assume *no* connections between participants except those explicitly desired; (b) no trusted third parties.

That’s two 2 viewpoints :)

> It's from (a) that we get the whole notion of anonymous rendezvous:  Any two parties can engage in trusted communication of a set of messages with each other without any communication outside of those messages.  What I contend - and I believe you agree - is that requirement cannot be met.

[ …. ]

>  … but it's not in any meaningful sense of a rendezvous, which I [think? sic] [i]mplies a meeting with *with some particular person*.

And iff for a particular purpose, presumably.

> We in the crypto community are often careless in describing things outside of our own circles - and often even with each other.

[ …. ]

>  … you see that there are really only two alternatives:  Either Alice has already met "that Bob" and has some non-public information
> about him that lets her identify him; or the two of them trust some third party to provide them with such information.

As in PGP BoaF key signing parties @conferences?  Or published dead-tree phonebooks?  Got the T-shirt.

> So ... which of the two requirements of the assumed model of the kind of systems that some cryptos dream of do you want to give up?
> 
> Personally, I'm willing to - and do - give up *either* depending on circumstances.

[ …. ]

> Most of my communications are with people I've actually met. [ …. ]

> I also have communications with "people" who, if I'm honest, aren't really "people": [ …. ]
> 
> Finally, there will be people or institutions who I need to communicate with but with whom I have no prior contact. [ …. ]

That’s Fiat trust.  By Command (& control) or Circumstance (hope, need, desperation, &tc.).

> Cryptography gives us a huge amount of power, but not everything can be solved with cryptographic protocols.
> We make a serious mistake when we imply, or simply let others infer, otherwise.
> 
>                                                        — Jerry


Once I was approached by a VP who had had just had an epiphany.  ”The cryptography is the easy part!” he exclaimed
excitedly.  ”The key management is what kills you!” he continued, having had just realised.
__outer

More information about the cryptography mailing list