Squaring Zooko’s triangle

It seems like the clever bit of CT (Certificate Transparency) is the insight that some actions, like a CA signing a cert, are intended to be public, and so should be forced (via clever crypto) to take place in public. This makes me wonder what other crypto actions should also take place in public, in a way that doesn't permit hiding them from the world:

Revocation 

Software releases 

Mapping of email address to public key 

Delegation of DNSSEC keys 

Of course, globally visible events need to take place at a globally visible time. The most widely available time is GPS time (which is 19 seconds off the commonly used time), available from the seldom-connected PPS (pulse-per-second) line of a GPS receiver.

At present, unfortunately, anyone who wants GPS time has to do his own soldering and hack his own software. There is a pre-soldered device available, but it is hard to get.

Imagine Skype as originally designed (a central authority maps public and private keys to user names), plus a key continuity feature, plus the seldom-used option of running a zero-knowledge shared-passphrase check to detect a man-in-the-middle.

The mere possibility that the zero-knowledge check could be used would deter powerful adversaries, even if it is seldom used in practice. The more powerful the adversary, the greater the deterrent effect.

It is not totally end-to-end, since the central authority can listen in, but the check would limit the amount of listening.

It can be made completely end-to-end for strong passwords. Assume login is by a zero-knowledge password protocol, which means that, for strong passwords, the central authority does not know the end user's password.

The secret key is generated from the strong secret supplied by the central authority, plus the password.

When you change your password, you generate a certificate mapping your new public key to your old public key; that certificate keeps other people's key continuity check happy.

If key continuity fails, people get a warning, but they don't have to click it away, since that just trains people to click warnings away. They can continue right on and ignore it.

Or they could use the zero-knowledge shared-passphrase procedure to detect a man-in-the-middle.

So, for a non-paranoid user with easy passwords, it works like Skype used to work: no interception except by the central authority, and the central authority cannot intercept everyone, or even large numbers of people.

For a paranoid user with strong passwords, it provides OTR-like end-to-end capability.
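As an added illustration (not code from this page or from any real product), here is the key derivation and password-change certificate described above, in Go with only the standard library: the user's key pair is derived from the authority-supplied secret plus the password, a password change produces a rollover certificate signed by the old key, and a peer's key continuity check accepts a presented key only if it is the pinned key or is reached from it through valid rollovers. HMAC-SHA-256 is assumed as a stand-in for a real password KDF, and the zero-knowledge login and shared-passphrase checks are assumed to happen elsewhere.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeriveKey builds the user's Ed25519 key pair from the strong secret the central
// authority supplies plus the password (HMAC-SHA-256 stands in for a real password KDF).
func DeriveKey(serverSecret []byte, password string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, serverSecret)
	mac.Write([]byte(password))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil)) // the 32-byte MAC is exactly an Ed25519 seed
	return priv.Public().(ed25519.PublicKey), priv
}

// Rollover is the certificate issued on a password change: the old key signs the new one.
type Rollover struct {
	Old, New  ed25519.PublicKey
	Signature []byte // signature by Old over New
}

func IssueRollover(oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey) Rollover {
	return Rollover{Old: oldPriv.Public().(ed25519.PublicKey), New: newPub, Signature: ed25519.Sign(oldPriv, newPub)}
}

// ContinuityCheck: the key a peer pinned must equal the presented key or be linked to it
// by valid rollovers; a non-nil error is the point at which the client shows the warning.
func ContinuityCheck(pinned, presented ed25519.PublicKey, chain []Rollover) error {
	cur := pinned
	for _, r := range chain {
		if !r.Old.Equal(cur) || !ed25519.Verify(r.Old, r.New, r.Signature) {
			return errors.New("rollover not signed by the currently pinned key")
		}
		cur = r.New
	}
	if !cur.Equal(presented) {
		return errors.New("key continuity failed")
	}
	return nil
}

func main() {
	secret := []byte("constructed sample secret from the central authority") // constructed, not real
	pub1, priv1 := DeriveKey(secret, "old password")
	pub2, _ := DeriveKey(secret, "new password")
	fmt.Println(ContinuityCheck(pub1, pub2, []Rollover{IssueRollover(priv1, pub2)}), ContinuityCheck(pub1, pub2, nil))
}
```

The first check passes because the old key vouched for the new one; the second fails because the key changed with no rollover, which is exactly the case the warning exists for.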

These documents are licensed under the Creative Commons Attribution-Share Alike 3.0 License