[tor-dev] Mnemonic 80-bit phrases (proposal)

Sai tor at saizai.com
Tue Feb 28 23:22:42 UTC 2012

On Tue, Feb 28, 2012 at 17:53, Robert Ransom <rransom.8774 at gmail.com> wrote:
> I'm not going to follow that link.

… yet you're going to comment anyway, based merely on your imagination
of what it contains? O.o

>  (Tor specification-change
> proposals are sent to the tor-dev mailing list in their entirety and
> copied into a Git repository for archival, not left on an
> easily-changed web page.)

Yeah: that's the point. This is a proposal, not a full implementation
let alone a final one. It's going to be edited.

> We would like a naming system which provides *memorable* names, if
> that is possible.  (I've never seen a distributed naming system which
> provides secure and memorable names.)

"I've never seen" isn't really a statement about my proposal.

> But we care even more about other usability properties of a naming
> system, such as how easily users can type a name given a copy of it on
> paper, how easily users can transfer a name to a friend over the
> telephone, and how easily users can compare two names maliciously
> crafted by an attacker with plausible computational power to be
> similar (whether in written form or in spoken form).

All agreed there.

>> choice of name (though it has the required *canonicality* of names),
> By proposing to add a new naming system for Tor's existing hidden
> service protocol, you are already assuming and claiming that hidden
> service names do not need to be canonical.  Why do you think
> ‘canonicality’ is required?

… you just contradicted yourself within two sentences.

Canonicality is mandatory for domain names of all kinds; otherwise
there's no way to advertise them, transfer references to them between
users, etc. If your name for some service only works for you, it's not
very useful.

>> and has a somewhat absurdist definition of 'meaningful'. :-P
> Then your system's names are unlikely to be memorable.

Not true. Consider that e.g. mnemonics used in med school *all*
consist of absurdist phrases.

It would be more memorable if it's short and operator-specified, but
for that you need a petname system, which this is not.

> The dictionaries required by a dictionary-based naming system strongly
> influence whether the resulting names will be memorable.

Yes, of course. So will using good syntax generation.

> The usability tests which will prove that your scheme does not provide
> sufficient usability benefit to justify shipping many large
> dictionaries with Tor cannot begin until after you have collected the
> dictionaries.

a) who said it requires 'many large dictionaries'?
b) I said upfront that the point of asking for comments is to make
sure the dictionaries collected are good a priori. Your challenging my
proposal by saying that we need dictionaries before testing — which is
obvious; you can't implement this scheme without dictionaries — seems
pointlessly combative to me.

I suggest you try actually reading proposals before bitching about
them.  We addressed most of the issues you mention in the proposal.

- Sai

More information about the tor-dev mailing list