[messaging] Zero knowledge proofs of passport

Trevor Perrin trevp at trevp.net
Mon Jul 28 11:15:18 PDT 2014


On Sun, Jul 27, 2014 at 12:45 PM, Mike Hearn <mike at plan99.net> wrote:
>>
>> Trusting national passport agencies seems wrong for this use case.
>
>
> Now it would be. But I think it's worth remembering that at the start
> Greenwald was not a well known national security journalist, he was a
> relatively obscure columnist and blogger. He didn't expect what happened and
> wasn't using PGP as a result. All different now of course, but it's hard for
> people to learn PGP, and hard for them to predict they might want to use it.
> And that in turn means it's hard to bootstrap a secure conversation, as
> Snowden learned the hard way when he failed to do so.

That's true, but I don't think your proposal solves this.

Your proposal amounts to: Glenn, or anyone who's scanned his passport,
can register a public-key in his name by running some "SNARK" tool to
generate proof of passport fields and a public key he chooses.  Then
this proof can be published to some global directory.

Glenn still needs to generate a keypair, manage his private-key,
decrypt messages, etc.  You argue that scanning your passport is
easier than registering for an S/MIME cert or PKP key-signing / WoT
path-building, but almost no-one does these.

Better comparables - and more plausible solutions IMO - would be
publishing your fingerprint/key/proof widely (via your website, social
media, friends, etc.), or registering with keyserver(s) that
authenticate you via email.

It's worth re-iterating that your trust model allows anyone who's
scanned your passport to forge a proof for you, which is particularly
bad for the well-travelled journalists you're imagining protecting.

And in other ways this doesn't address the concrete situation of
source / journalist communications:
 - Identity-hiding and relationship-hiding are also important; the
problem is bigger than key lookup.
 - The key lookup aspect could be solved by the journalist publishing
his key or fingerprint or similar via his organization's web presence.


> Usability suffers a lot if asymmetric crypto gets directly exposed to end
> users. That's why I'm interested in the directory problem. A good key
> directory (even if the users don't really realise that's what it is) seems
> like a crucial feature for making it as brainless as possible.

Again true, preaching to choir etc.

But the problems with, say, PGP keyservers are very basic - keys can't
be deleted, and anyone can add keys for anyone (which a lot of people
will just download and immediately accept!)

There's a ton of progress that could be made by sane engineering and
fixing things like this, which is why I'm grumpy and skeptical about
new crypto exotica...


Trevor


More information about the Messaging mailing list