[FoRK] Re: identity-based encryption

Tyler Close list at waterken.net
Tue Feb 10 21:46:41 PST 2004


On Tue February 10 2004 09:43 am, Lucas Gonze wrote:
> As much respect as I have for yurls, Tyler,

Thank you, and thanks for saying so.

> I believe your dismissal of secure memorable names is a mistake.

If I thought there were such a thing as secure, human-memorable
names, I wouldn't dismiss them. Are you sure you understand the
argument I make at:

http://www.waterken.com/dev/YURL/Name/#Name_conflation

Letting the attacker specify the string used to recognize a
visited site is ridiculous. Correctly recognizing the visited site
is the linchpin of secure interaction. Name-centric solutions,
like the PKI or IBE, allow the attacker to specify the string that
is the basis for recognition of the visited site. It really is
insanity. 'Phishing' isn't just a GUI problem, or a bug. It is a
problem inherent in the very concept of a shared namespace.

> The action in memorable names
> happens in a scope between perfectly global names like public keys and
> perfectly private names like pet names.  This is the context that
> allows branding to work for huge blocks of people without requiring
> that they work for everybody; for example, the scope of a car name is
> typically national.  It is also the context of Google "I feel lucky",
> which works very well for some names and badly for others.

There's nothing wrong with explicit keyword services that map
names to public keys. The problems come when you start using those
names as your only namespace.

Together, YURLs, pet names and keyword services support any online
identification task better than any name-centric solution does.

> And really, I think that midrange scope is the only one that matters.
> It can't be dismissed because it is the main thing.

You're way off here. We need to identify many more things than
just car brands. Remember the WWW maxim about assigning a URI to
all important resources? Cars are nice, but there's some other
important stuff too.

I also seem to recall that you're pretty keen on decentralization.
If you rely on a centralized system for identification,
decentralization is a pipe dream.

> It is best to take Zooko's triangle as a useful koan rather than a law.

Secure, human-memorable names really are impossible. That they
seem to work at all is purely a testament to how benign the world
typically is. When put to the test, these names fail. We see it
(if we're paying close attention) everyday in our inboxes.

Tyler

-- 
The union of REST and capability-based security.
http://www.waterken.com/dev/Web/




More information about the FoRK mailing list