[FoRK] Re: identity-based encryption

Lucas Gonze lgonze at panix.com
Wed Feb 11 09:39:44 PST 2004


On Wednesday, Feb 11, 2004, at 00:46 America/New_York, Tyler Close 
wrote:

> On Tue February 10 2004 09:43 am, Lucas Gonze wrote:
>> As much respect as I have for yurls, Tyler,
>
> Thank you, and thanks for saying so.

There should be a closer relationship between great work and backpats, 
so I'l say it again: it's a ballsy and smart project.  If my critique 
here seems harsh, it's because I'm not a good enough writer.

>> I believe your dismissal of secure memorable names is a mistake.
>
> If I thought there were such a thing as secure, human-memorable
> names, I wouldn't dismiss them. Are you sure you understand the
> argument I make at:
>
> http://www.waterken.com/dev/YURL/Name/#Name_conflation

The YURL pet names solution is to say that the only names which ever 
change hands are long numbers.  The reviewer specifies the bookstore by 
giving its long number, the reader recognizes the bookstore according 
to her own name for it, her own name for it is never up to a third 
party, and therefore third parties never have influence over the fuzzy, 
breakable, cognition-dependent name.

Correct me if my understanding is wrong!

What I agree with and respect about the YURL algorithm is the way that 
it allows implementation of names which originate locally.  On that 
level it's original and useful.  There are fuzzy bits that I can't make 
sense of, so I suspect that YURL would ultimately come down to an 
annotation system where a user only sees the name she supplied when she 
is actually viewing a target resource.  But that's not my point.

Where I differ is in believing that spoofed names are an equal 
possibility for all objects.  The security of a name is a function of 
how broadly accepted it is.  Huge numbers of people agree that "Amazon" 
is the name of a particular web site and no other.  Only a tiny number 
of people will agree that "Amazn" is the name of some other web site.

This is in contrast to your Zooko-based thesis that the security of a 
name comes solely from whether it originated in your local trust space. 
  You can be fooled, you can be wrong for good reasons, you can bobble 
the handoff of the identifier.

>> It is best to take Zooko's triangle as a useful koan rather than a 
>> law.
>
> Secure, human-memorable names really are impossible. That they
> seem to work at all is purely a testament to how benign the world
> typically is. When put to the test, these names fail. We see it
> (if we're paying close attention) everyday in our inboxes.

The reason I say that Zooko's triangle is a koan rather than a law is 
that it relies on assertions which are absolutely not known to be true.

The first big unknown is whether the memorability of an object is a 
function of how much information it contains.  I did enough background 
reading on this to be pretty certain that it is not known, though I 
never did track down a psycho-physicist to confirm my conclusion.

The second big unknown is when you can prove an assertion without 
having the entire bit string.  EG, if there are only a limited number 
of named objects, then the true information content is log(the number 
of named objects), not bits(name N).  Put the names in a table and 
restrict the search space, and you have reduced the amount of 
information.  This is an application-level problem.

A name is an assertion with a certain probability of failure and a 
certain amount risked.  That names work is a testament to cribs based 
on application requirements, which sometimes allow bit strings too 
short to be self-authenticating.  For example, my inbox works very well 
given that I use all three of whitelisting, blacklisting, and 
graylisting, and I expect that kind of gradation to be useful for other 
applications.

- Lucas









More information about the FoRK mailing list