[tor-talk] Tor for everyone; introducing Eccentric Authentication

Guido Witmond guido at witmond.nl
Thu Feb 25 22:46:45 UTC 2016 

On 02/25/16 11:57, me at beroal.in.ua wrote:
> A magic wand is a solution. :-)

Luckily, any sufficiently advanced technology is indistinguishable from
magic, so to my audience - the normal user - it looks like that :-)

> Though I don't understand your protocol, I don't like id at site names.
> That site belongs to a corporation, so I depend on a corporation which I
> can't control. 

There is good news, anyone can run this protocol on any domain. It's not
limited to companies. In fact, running it on your own domain gives you
the security that no one can be messing with it.

> There is a more fundamental problem with human readable
> names. There is competition for nice names like "sex" or "casino", for
> example, in the domain of domain names. This competition is resolved
> with auctions. So a human readable name is paid, and its owner depends
> on the registrar.

Everything has a price. Only sunlight is free, after paying the
rent/hotel/wood for the fire under the bridge to survive the night. :-)

Seriously, the requirement is that each sitename is unique and can't be
abused by others than the owner. That way, each user at sitename is unique.
And that's to make the one-to-one relationship between names and keys.

There might be stronger systems than the current DNS registrars. A
sitename in a Namecoin system springs to mind. The issue is that it's
used by a very small group.

But take it from me, I'm in favour of stronger naming systems than DNS.
It's quite brittle in respect to coercion.

Public key fingerprints are a solution to both problems.

Except that people won't check these things. You do, but I want a system
that works for people who don't/can't verify those.

Cheers, Guido.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20160225/e7ba34e8/attachment.sig>

More information about the tor-talk mailing list