[tor-dev] Mnemonic 80-bit phrases (proposal)
tor at saizai.com
Tue Feb 28 23:22:42 UTC 2012
On Tue, Feb 28, 2012 at 17:53, Robert Ransom <rransom.8774 at gmail.com> wrote:
> I'm not going to follow that link.
… yet you're going to comment anyway, based merely on your imagination
of what it contains? O.o
> (Tor specification-change
> proposals are sent to the tor-dev mailing list in their entirety and
> copied into a Git repository for archival, not left on an
> easily-changed web page.)
Yeah: that's the point. This is a proposal, not a full implementation
let alone a final one. It's going to be edited.
> We would like a naming system which provides *memorable* names, if
> that is possible. (I've never seen a distributed naming system which
> provides secure and memorable names.)
"I've never seen" isn't really a statement about my proposal.
> But we care even more about other usability properties of a naming
> system, such as how easily users can type a name given a copy of it on
> paper, how easily users can transfer a name to a friend over the
> telephone, and how easily users can compare two names maliciously
> crafted by an attacker with plausible computational power to be
> similar (whether in written form or in spoken form).
All agreed there.
>> choice of name (though it has the required *canonicality* of names),
> By proposing to add a new naming system for Tor's existing hidden
> service protocol, you are already assuming and claiming that hidden
> service names do not need to be canonical. Why do you think
> ‘canonicality’ is required?
… you just contradicted yourself within two sentences.
Canonicality is mandatory for domain names of all kinds; otherwise
there's no way to advertise them, transfer references to them between
users, etc. If your name for some service only works for you, it's not
>> and has a somewhat absurdist definition of 'meaningful'. :-P
> Then your system's names are unlikely to be memorable.
Not true. Consider that e.g. mnemonics used in med school *all*
consist of absurdist phrases.
It would be more memorable if it's short and operator-specified, but
for that you need a petname system, which this is not.
> The dictionaries required by a dictionary-based naming system strongly
> influence whether the resulting names will be memorable.
Yes, of course. So will using good syntax generation.
> The usability tests which will prove that your scheme does not provide
> sufficient usability benefit to justify shipping many large
> dictionaries with Tor cannot begin until after you have collected the
a) who said it requires 'many large dictionaries'?
b) I said upfront that the point of asking for comments is to make
sure the dictionaries collected are good a priori. Your challenging my
proposal by saying that we need dictionaries before testing — which is
obvious; you can't implement this scheme without dictionaries — seems
pointlessly combative to me.
I suggest you try actually reading proposals before bitching about
them. We addressed most of the issues you mention in the proposal.
More information about the tor-dev