[Cryptography] Anonymous rendezvous (was Business opportunities in crypto)

Jerry Leichter leichter at lrw.com
Tue May 4 11:50:05 EDT 2021


> I find this 'anonymous rendezvous' concept to be rather mushy and ill defined. Ditto the concept of 'trusted third party'.
> 
> So Alice wants to establish communication with Bob without Mallet knowing that they are talking. What are we going to allow them?
> 
> * Prior knowledge of the credentials, IP address of the other?
> 
> * Use of the IP address of the other party's device?
> 
> * Third party providing a dead drop?
> 
> * How many other people are using the same network?
> ...
> If people specify precisely what they mean by 'anonymous rendezvous', I can probably satisfice their requirements if they are consistent.

I can tell you the issue *I* had in mind, which is rather different from what you're discussing.

Way back when, SSL was introduced to give people the confidence that they could do business on the Internet.  One idea buried in there was that when you went, for the first time ever, to macys.com <http://macys.com/>, you could tell that you were at the "real" Macys because that site would present a certificate for Macys and only the "real" Macys would have access to such a certificate.  And you could trust that only the "real" Macys had such a certificate because the certificate authorities signed it, and they wouldn't give one to anyone else.  And you could trust the CAs because ... well, as we know, that's an issue to this day.  In any case, a CA was a trusted third party:  Trusted in the NSA sense that they could completely break your security; third party because they stood outside of the communications between you and Macys.

Meanwhile, there was this whole bias among some people that trusted third parties were an inherently bad idea and we should look to mechanisms that don't require them.  So, for example, Macys could simply post its public key "in public" - put it on billboards, do mass mailings ... today put it on a blockchain.  Now you no longer need to trust a CA - you have their public key safely and directly.  The implication - sometimes stated explicitly - is that with such a mechanism, you can, never having known anything about Macys other than the name, never having any contact, directly or indirectly, with Macys, securely connect to Macys.  But a moment of examination shows how nonsensical that is:  *Anyone* can buy billboards or send out flyers or put an entry on the blockchain asserting that a public key *they* own belongs to Macys.  If you know nothing about "the real Macys" other than those public postings ... how can you possibly know which one is real?  The problem is one of identity, not one of cryptography.  And ... it's identity *outside* of the communications system that matters.  If my definition of a successful connection to Macys is "Securely exchanging messages with someone who has the private key corresponding to this Macys public key I got from somewhere out on the Web" then there's no issue.  But that's a rather uninteresting definition.

This is where all kinds of discussions about pseudonyms go south.  Yes, the system can be constructed so that I'm sure I'm communicating with some particular pseudonym - and further I can be sure that a series of communications are to "the same" pseudonym (where "the same" means "in possession of some particular secret").  All that's fine (and very useful) as long as you "live" in the virtual world.  But it's precisely in binding that virtual world to the real world that we have problems.

I'm walking down the street and I see a big department store with a Macys sign on it.  I've heard vaguely that Macys is a good place to buy cutlery, and I need some, so I go in ... and trust that what I buy there is of reasonable quality, that I can give them my credit card and they won't put extra charges on after I walk out, and so on. Can I replicate that experience at the Macys web site?

In the real world, a number of things make this a reasonable thing to do.  It costs a lot of time and money to create that physical store - it's highly unlikely it would be worth it to anyone to fake it.  I can see plenty of other people shopping in there, apparently happy with the experience.  Sure, they could be plants - but what would be the point?  So even though I know nothing at all about who those people are, I can still trust what I see of their experience.  And if Macys really does cheat me I can bring legal mechanisms into play - and the store will still be there so I will be able to find them to go after them.  The real-world Macys is embedded in all our entire physical, social and legal frameworks.  In an important sense, in the real world, we never trust anything anonymous:  We're always starting with some kind of connection and strengthening it, not trying to create it out of nothing.  Visit a foreign country where you know no one and no one speaks your language, where you don't understand the culture, where you're missing those fundamental connections, and it's much harder to get things going - but at least you do share the base-level connection that you're among human beings and human beings are pretty much the same. And building a big store is expensive everywhere in the world.

None of these mechanisms apply at the Macys web site.  Creating web sites is cheap.  Hiding who's behind them is cheap.  Reputation mechanisms are supposed to be the equivalent of all those people in the store (and of friends who've been there and trust the place) but they don't scale, as I've argued previously.  The entire fabric of interconnections breaks down, or can be easily broken down by attackers.  Trust isn't transitive, and trust is a basic social good without which society breaks down.

Who in a virtual world can you trust?  You can bootstrap trust from the real world - I can trust a public key a friend of mine handed to me on his business card.  (It's interesting that that idea - mentioned in early discussions of public-key crypto - never caught on, probably because the keys are just too long.)  I can choose - or be forced - to put trust in a third party:  An organization that creates accounts only for those who the organization accepts; a government on-line identity, as some countries are providing.  All that's fine, as far as it goes - though it creates its own set of issues.  Where it does *not* go to is a purely virtual world with no trusted third parties.  Such a world can exist on its own, but it can't have any trusted ties to the real world out here.
                                                        -- Jerry


