[messaging] Zero knowledge proofs of passport

[Mike Hearn]

>
> No, Pond senders must authenticate their message with a
> recipient-provided secret or the recipient's mailbox will reject it.
> See:
>
> https://moderncrypto.org/mail-archive/messaging/2014/000409.html


Yes, I know. My point is that whilst Pond's current design requires this,
it could have a different design and the Pond tech page explicitly says
that here:

*(This may be an important weakness. One obvious answer is to have servers
accept, say, 10% of a user's quota of unsigned ‘introduction’ messages.)*


> If your use case is "secure key lookup for a well-known journalist", I
> think that's easily solved by the reporter posting his public key, key
> fingerprint, and/or SecureDrop/GlobalLeaks hidden-service address on
> his HTTPS website, twitter, etc.
>
> Trusting national passport agencies seems wrong for this use case.


Now it would be. But I think it's worth remembering that at the start
Greenwald was not a well known national security journalist, he was a
relatively obscure columnist and blogger. He didn't expect what happened
and wasn't using PGP as a result. All different now of course, but it's
hard for people to learn PGP, and hard for them to predict they might want
to use it. And that in turn means it's hard to bootstrap a secure
conversation, as Snowden learned the hard way when he failed to do so.

Usability suffers a lot if asymmetric crypto gets directly exposed to end
users. That's why I'm interested in the directory problem. A good key
directory (even if the users don't really realise that's what it is) seems
like a crucial feature for making it as brainless as possible.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140727/cb0856d5/attachment.html>