[cryptography] phishing/password end-game (Re: Why anon-DH ...)

ianG iang at iang.org
Fri Jan 18 11:14:56 EST 2013

On 17/01/13 05:21 AM, dan at geer.org wrote:
>   > To clarify:  I think everyone and everything should be identified by
>   > their public key,...
> Would re-analyzing all this in a key-centric model rather than
> a name-centric model offer any insight?  (key-centric meaning
> that the key is the identity and "Dan" is an attribute of that
> key; name-centric meaning that Dan is the identity and the key
> is an attribute of that name)

Key-centric works up until a point.  It is certainly more elegant and 
more secure in technical terms, but some assumptions tend to need to be 
handwaved away to make it workable.

Primarily, storing the key and protecting it seems to result in the same 
old mess -- it has to be stored somewhere safe and kept safe.  Which 
tends to imply ... name and password.

Now, with mobile phones, things have got a lot better in that respect. 
Cells (as this audience likely calls them) are small, powerful and most 
importantly with their owners all the time.  They can certainly store 
keys and keep them safe, in principle.

But things have also got a lot worse in other respects.  The security 
model on phones seems to lack, and as attention mounts, we seem not to 
be seeing that iron-clad expectation that we'd desire.  E.g., rumours of 
Android hacks.

Also, the confounded users tend to lose their phones or have them 
stolen.  And then they demand their 'identities' back, as if nothing has 
happened.  So the keys need to be agile, in some sense.  Which pushes us 
away from the phone, to cloud, or a variant, and then we're back to the 
same old remote password problem.


> --dan

More information about the cryptography mailing list