[cryptography] Keyspace: client-side encryption for key/value stores
James A. Donald
jamesd at echeque.com
Thu Mar 21 22:01:23 EDT 2013
On 2013-03-21 5:59 PM, ianG wrote:
> On 21/03/13 09:52 AM, Tony Arcieri wrote:
>> A question about crypto-capabilities is: how do you share them securely?
> Using a crypto-capability for secure sharing. Which leads to a
> boot-strapping problem, of course, but that's part of the fun.
> A partial answer from capabilities is found in YURLs which are URLs
> that can't be futzed with by an attacker. But this still doesn't
> solve the issue of who you send them too...
> The high-level helicopter answer is that you bootstrap relationships
> into key exchanges , and the hidden assumption here is that you
> have relationships of some form, which means you are now in
> application space -- the market area -- not in systems space.
Or to say the same thing in different words, UI is the hard part of
crypto, and usually the place where the holes are.
Zooko's triangle is a system level description of a user interface.
> In terms of server -> user path, the authentication & finding
> mechanism is generally interrelated. You typically need to start from
> some well known and self-authenticating mechanism which is sometimes
> called a root.
Otherwise known as a single point of failure.
Let us imagine that browsers supported yurls, and that links in
advertisements and business pages were usually yurls, with the result
that your bookmarks were usually yurls.
And, let us imagine that email and im addresses were also yurls, and
usually to be found in web pages themselves secured by yurls, with the
result that the "from" address on email was unforgeable, that a "from"
address was also a link to the one true home page corresponding to that
Then any web page identified by yurl and containing yurls would have the
functionality of a certificate, rendering certificates as such
irrelevant. The entire web would largely consist of certificates, and
search engines would be certificate servers.
The downside would be that secure email addresses and yurls would be
impossible to communicate over the phone, or in non web advertisements,
thus people would tend to default to insecure mode, and could thus
easily be suckered into using insecure mode
To leverage from insecure mode to secure mode, one needs a preshared
secret, which only the highly motivated will bother with.
More information about the cryptography