[messaging] The Simple Thing

[elijah]

On 10/03/2014 02:35 PM, Joseph Bonneau wrote:

> CT-style (I think we should call it CT-style to avoid confusion with
> Certificate Transparency proper for TLS certificates)

I strongly prefer "auditable endorsements" since there are many
proposals for auditable endorsement systems, only one of which uses a
CT-style append-only log (for example, nyms, nicknym, DANE, DIME,
hallam-baker's PPE, dkg/tom's UEE).

The term CT-style seems like it should be reserved for the class of
proposals that include some kind of append-only log used in a manner
similar to CT. We may see multiple CT-style proposals in the future (one
log per provider, one log per third party endorser, etc).

> A seemingly-obvious point I haven't seen yet: it's perfectly natural to
> have both systems in place. Nothing prevents layering The Simple Thing
> on top of a CT-style log. Paranoid Alice can certainly check out of band
> if she looks up a new key for Bob in the log and it's different from
> what she's used previously. Paranoid Bob can set up monitoring. Now you
> get detection if either sender or receiver is paranoid.

I can't fault you for not closely reading every email on this list, but
I did happen to write the following in the very message you are replying
to :)

On 10/03/2014 11:43 AM, elijah wrote:

> Also, receivers auditing their published keys does not preclude senders
> from doing manual fingerprint verification. In fact, I think the two
> models can work really well together, which is one of the key ideas in
> https://pad.riseup.net/p/key-validation

-elijah