[FoRK] Re: identity-based encryption
lgonze at panix.com
Wed Feb 11 09:39:44 PST 2004
On Wednesday, Feb 11, 2004, at 00:46 America/New_York, Tyler Close
> On Tue February 10 2004 09:43 am, Lucas Gonze wrote:
>> As much respect as I have for yurls, Tyler,
> Thank you, and thanks for saying so.
There should be a closer relationship between great work and backpats,
so I'l say it again: it's a ballsy and smart project. If my critique
here seems harsh, it's because I'm not a good enough writer.
>> I believe your dismissal of secure memorable names is a mistake.
> If I thought there were such a thing as secure, human-memorable
> names, I wouldn't dismiss them. Are you sure you understand the
> argument I make at:
The YURL pet names solution is to say that the only names which ever
change hands are long numbers. The reviewer specifies the bookstore by
giving its long number, the reader recognizes the bookstore according
to her own name for it, her own name for it is never up to a third
party, and therefore third parties never have influence over the fuzzy,
breakable, cognition-dependent name.
Correct me if my understanding is wrong!
What I agree with and respect about the YURL algorithm is the way that
it allows implementation of names which originate locally. On that
level it's original and useful. There are fuzzy bits that I can't make
sense of, so I suspect that YURL would ultimately come down to an
annotation system where a user only sees the name she supplied when she
is actually viewing a target resource. But that's not my point.
Where I differ is in believing that spoofed names are an equal
possibility for all objects. The security of a name is a function of
how broadly accepted it is. Huge numbers of people agree that "Amazon"
is the name of a particular web site and no other. Only a tiny number
of people will agree that "Amazn" is the name of some other web site.
This is in contrast to your Zooko-based thesis that the security of a
name comes solely from whether it originated in your local trust space.
You can be fooled, you can be wrong for good reasons, you can bobble
the handoff of the identifier.
>> It is best to take Zooko's triangle as a useful koan rather than a
> Secure, human-memorable names really are impossible. That they
> seem to work at all is purely a testament to how benign the world
> typically is. When put to the test, these names fail. We see it
> (if we're paying close attention) everyday in our inboxes.
The reason I say that Zooko's triangle is a koan rather than a law is
that it relies on assertions which are absolutely not known to be true.
The first big unknown is whether the memorability of an object is a
function of how much information it contains. I did enough background
reading on this to be pretty certain that it is not known, though I
never did track down a psycho-physicist to confirm my conclusion.
The second big unknown is when you can prove an assertion without
having the entire bit string. EG, if there are only a limited number
of named objects, then the true information content is log(the number
of named objects), not bits(name N). Put the names in a table and
restrict the search space, and you have reduced the amount of
information. This is an application-level problem.
A name is an assertion with a certain probability of failure and a
certain amount risked. That names work is a testament to cribs based
on application requirements, which sometimes allow bit strings too
short to be self-authenticating. For example, my inbox works very well
given that I use all three of whitelisting, blacklisting, and
graylisting, and I expect that kind of gradation to be useful for other
More information about the FoRK