[FoRK] Re: identity-based encryption

Gordon Mohr gojomo at usa.net
Tue Feb 10 00:11:29 PST 2004


Tyler Close wrote:
> On Mon February 9 2004 08:07 am, Meltsner, Kenneth wrote:
> 
>>Interesting stuff,
> 
> No, it's not. It's ridiculous. It is a repetition of the same
> mistakes that were made in the conception of the PKI. A global,
> human-memorable namespace is inherently insecure. Such a namespace
> puts the act of recognition in the hands of the attacker. You
> can't expect secure collaboration when the attacker gets to tell
> you who you should think he is. A global namespace means that the
> name used to refer is the same as the name used to recognize. It's
> an age-old way to trick a human. Secure collaboration between
> humans requires local namespaces. See:
> 
> http://www.waterken.com/dev/YURL/Name/#Name_conflation

And yet, as bad as 'phishing' and other confusion-based attacks
have shown (for one example) SSL and the browser 'lock'/domain
approach to be, it's still been (1) better than nothing; and (2)
good enough for a lot of valuable transactions to occur.

I think IBE enables a whole bunch of new "marginally better" and
"good enough" possibilities with usefully simple (albeit imperfect)
adoption and use modes.

Seems to me like IBE could even be used in the YURL referral model.
Some principals are effectively super-referrers: a bank, a
Friendsteresque social network service, a community like FoRK. They
could hold the IBE generators.

I might be perfectly happy to send a message to "whoever FoRK
has determined is 'Tyler Close' (by its willingness to give out the
'Tyler Close' private key)", even knowing that handout process will
sometimes be compromised. If in correspondence I were then to later
learn that the same 'node' had managed to get the 'Tyler Close' key
from a major bank agency and a Friendster-like agency, I'd be even
more confident of the communication.

In this scheme, IBE is just another way some principals can vouch for
others by reference, following a slightly different order of initial
communication than is required for principals to "point at"
preexisting public keys.

- Gordon
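An added example, not code from this thread and not anything written by Gordon, Tyler, or the YURL project: a toy identity-based encryption in the model sketched above, where a vouching principal (the community, a bank) runs the key generator and decides who is handed the private key for a human-readable name. The scheme is Cocks' quadratic-residuosity IBE (one bit per ciphertext pair), which the message does not name; the names, the 128-bit toy primes and the sample message are assumptions, and the parameter sizes are far too small to be secure.

```python
# Toy Cocks IBE in the "principal hands out keys for names" model.
# Added illustration only; toy parameter sizes, not a secure implementation.
import hashlib
import secrets


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; 0 when gcd(a, n) > 1."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases (enough for a toy key generator)."""
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime_3mod4(bits):
    """Random prime with the top bit set and p ≡ 3 (mod 4), as Cocks' scheme needs."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if is_probable_prime(candidate):
            return candidate


def hash_to_jacobi_one(identity, n):
    """Map a name to a in Z_n with (a/n) = 1; sender and key generator both use this."""
    for counter in range(2 ** 32):
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if a and jacobi(a, n) == 1:
            return a


class PrivateKeyGenerator:
    """A vouching principal (community, bank, ...): keeps p and q, publishes only n."""

    def __init__(self, bits=128):  # assumed toy size
        self.p, self.q = random_prime_3mod4(bits), random_prime_3mod4(bits)
        self.n = self.p * self.q

    def extract(self, identity):
        """Hand out the private key for a name; who receives it is the trust decision."""
        a = hash_to_jacobi_one(identity, self.n)
        # Exponent is (phi(n) + 4) / 8, so r*r ≡ a or -a (mod n), the sign being
        # the common Legendre symbol of a modulo p and q (equal because (a/n) = 1).
        return pow(a, (self.n + 5 - self.p - self.q) // 8, self.n)


def encrypt_bit(n, identity, bit):
    """The sender needs only the public n and the recipient's name."""
    a, m = hash_to_jacobi_one(identity, n), 1 if bit else -1
    ts = []
    while len(ts) < 2:  # two random t with Jacobi symbol equal to the bit's sign
        t = secrets.randbelow(n - 1) + 1
        if jacobi(t, n) == m:
            ts.append(t)
    # First half decrypts if r*r = a, second if r*r = -a; the key holder picks.
    return (ts[0] + a * pow(ts[0], -1, n)) % n, (ts[1] - a * pow(ts[1], -1, n)) % n


def decrypt_bit(n, identity, r, ciphertext):
    a = hash_to_jacobi_one(identity, n)
    c = ciphertext[0] if r * r % n == a else ciphertext[1]
    return jacobi(c + 2 * r, n) == 1  # (c + 2r) = (t + r)^2 / t, so the sign of t survives


def encrypt(n, identity, data):
    return [encrypt_bit(n, identity, (byte >> i) & 1)
            for byte in data for i in range(7, -1, -1)]


def decrypt(n, identity, r, ciphertexts):
    bits = [decrypt_bit(n, identity, r, c) for c in ciphertexts]
    return bytes(sum(b << (7 - i) for i, b in enumerate(bits[k:k + 8]))
                 for k in range(0, len(bits), 8))


def demo():
    """Two independent vouching principals; the same name yields unrelated keys under each."""
    fork, bank = PrivateKeyGenerator(), PrivateKeyGenerator()
    plaintext = b"FoRK says hello"  # constructed sample message
    ciphertext = encrypt(fork.n, "Tyler Close", plaintext)
    from_fork, from_bank = fork.extract("Tyler Close"), bank.extract("Tyler Close")
    return (decrypt(fork.n, "Tyler Close", from_fork, ciphertext) == plaintext,
            decrypt(fork.n, "Tyler Close", from_bank, ciphertext) == plaintext)
```

The sender in demo() uses nothing but fork.n and the string "Tyler Close"; whether the intended person can read the result rests entirely on the handout decision inside fork.extract. The second result shows that the same name under the bank's parameters gives an unrelated key, so recognition is per-authority: that separation is what lets a recipient be "confirmed" by several referrers independently, and it is also the namespace point the quoted objection turns on.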