Re: [GNU/consensus] [SocialSwarm-D] Zooko's Triangle

[carlo von lynX]

> On 25-07-13 10:02, carlo von lynX wrote:
> > hi there eli.. well if saying 7yuogiqxgrak36kk is all it takes to
> > achieve Identity <> key mapping and as hard as human unfriendly gets,
> > I am positive people out there are going to deal with human unfriendly
> > for the sake of a truly reliable communications infrastructure.

On Thu, Jul 25, 2013 at 12:04:33PM +0200, Guido Witmond wrote:
> I think that's too optimistic. People choose easy over secure anytime.
> Even if it threatens their lives.

point granted.

> > - socialist millionaire's shared secret while having a beer together
> > - public key in a QR code on a business card (printed paper is harder to 
> > mitm)
> > - a slice of the hash confirmed by voice on the phone
> 
> 1. Having a beer together is fun but doesn't scale over distance. How do
> I set up a secure channel with people 50 km away? There is no such thing
> as virtual beer.

let's discuss the scenario of a phone conversation while at the same time
typing the shared secret into the prompt. this requires a MITM to be ready
to act immediately - that is, agencies must have a VERY high interest in
you if they are monitoring you in real-time, not just recording your stuff.
THIS to me sounds like an acceptable compromise if you can't take the
classic walk in the park and keep an eye on people following you.

i'm not trying to achieve perfection, i just want surveillance to cost as
much effort as it had in stasi days, back in the 80s.

> 2. Public key fingerprint or QR codes are not Zooko-proof. It's fails
> the human memorize-able property. I can't read it from the side of a bus
> and type it in at home.

granted concerning fingerprint, not acknowledged concerning a QR code you
received on paper from that person. in that case it's irrelevant that you
can't memorize its pattern - you just show it to your camera.

> 3. A slice of a hash only proofs that you have a secure channel when you
> know the identity of the other person.

what's wrong with that?

> > Tor is leading the way. Simply by spelling out 7yuogiqxgrak36kk to you
> > we have a cryptographic guarantee that your tor node will connect to mine
> > and only to mine. NSA can do a lot, but I doubt they can MITM all mails
> > and twitters on earth to intercept my hash and replace it with another,
> > but just in case they'd dare to do so for you because you are their target,
> > well then you can have a surveilled phone conversation with me and I can
> > *still* make sure you have my correct public key - no matter how many
> > people are listening into that conversation.
> > 
> > Many of the MITM problems arise from the abstraction of identity and her
> > public key. By actually using the key in addressing we solve the problems.
> > There is no need to maintain abstraction layers that reduce the
> > security of its users.
> > 
> > So I'd say Zooko is a problem solved.
> > Back to work, we've got to save the world.
> 
> Not so fast, mister 7yuoqigxqrak36kk,
> 
> You leave out one property of Zooko's triangle and declare it solved.

https://en.wikipedia.org/wiki/Zooko%27s_triangle

Secure: check.
Decentralized: check.
Human-meaningful: not necessary, we use the power of paper and camera.

To me removing the necessity of one of the aspects
is solving the problem. No?

> Feel free to check out my attempt at solving Zooko's triangle. It uses
> DNSSEC/DANE to validate the domain and it uses a network perspective to
> validate each CA at the domain. Users are anonymous.
> 
> Check out:
> http://eccentric-authentication.org/eccentric-authentication/five-minute-overview.html

i like the CA root key taken offline...  :)   it's like our identity
recovery strategy described in http://secushare.org/threats

pretty advanced strategy.. not bad. so the achilles heel would be if
US government does something with the DNSSEC root? but all it could
do would be to break the certification system, right? i'm not sure
if i'm grasping the full implications of this. the UDP limit for keys
is evil. is it true that DNSSEC only provides URL download for larger
keys? does that mean the keys are no longer protected by DNSSEC in
that case?

> >> And yes, I proudly belong to the church of identity in the form of the
> >> URI commonly referred to as an email address. Not only is address@hidden
> >> fantastically usable, it is also universally understood by every
> >> internet user on earth. There are other addressing schemes that are user
> >> friendly-ish, like twitter @user, or namecoin (although namecoin
> >> obviously has other problems), but address@hidden is here to stay.
> > 
> > Neither Skype nor Facebook think in terms of address@hidden Actually @domain
> > is totally distant from average humanity - it's abnormal to think of 
> > yourself
> > in terms of affiliation. No surprise the #1 domain in the world is 
> > gmail.com.
> > People would deal with it, if it worked, but it doesn't. Now it's time to
> > provide the key instead of the domain. You're living in the past, Eli.  :)
> 
> I fully agree with Eli here, Carlo. Or should I say address@hidden

Well, since address@hidden is the problem in the Zooko dilemma I don't see a
reason to stick with it.

> 'Von' as used in your name means, 'From the family' or 'From the town'.

Not topological.

> Regards, Guido.

Ciao

-- 
»»» psyc://psyced.org/~lynX »»» irc://psyced.org/welcome
 »»» xmpp:address@hidden »»» http://my.pages.de/me