[liberationtech] Announcing Scramble.io
Tom Ritter
tom at ritter.vg
Fri Aug 23 15:22:02 PDT 2013
On 23 August 2013 16:29, Nicolai <nicolai-liberationtech at chocolatine.org> wrote:
> On Fri, Aug 23, 2013 at 01:53:59AM -0700, DC wrote:
>
>> My plan is to make make your email the hash of your public key.
>> For example, my address is *nqkgpx6bqscslher at scramble.io*
>> (I borrowed this idea from Tor Hidden Services.)
>
> Cool idea. This is also similar to CurveCP and DNSCurve. For example:
>
> $ dig ns chocolatine.org +short
> uz5qry75vfy162c239jgx7v2knkwb01g3d04qd4379s6mtcx2f0828.ns.chocolatine.org.
> uz5cjwzs6zndm3gtcgzt1j74d0jrjnkm15wv681w6np9t1wy8s91g3.ns.chocolatine.org.
I feel compelled to point out the precedence here. This is a problem
known as Zooko's Triangle:
https://en.wikipedia.org/wiki/Zooko's_triangle Briefly it says, when
giving names to members of a network: Secure, Decentralized,
Memorable, pick 2. (Another good page on it seems to be
http://shoestringfoundation.org/~bauerm/names/distnames.html )
SSL is Secure and Memorable, but highly centralized. (It is secure
because you have to prove ownership of a name to get a certificate for
it.)
This technique is Secure and Decentralized - but not memorable.
Off the top of my head, other techniques that make the same tradeoff are:
- Tor Hidden Services, as you mentioned
- SSH & OpenPGP fingerprints (here's my fingerprint, no matter where
you find it, that's my identifier)
- YURLs http://www.waterken.com/dev/YURL/httpsy/
- From the above URL: Freenet's CHKs, Mnet's mnetids, Chord's keys,
Freenet's SSKs, SPKI's certificates
For very technical audiences, I've thought these things are all right,
because we tend to be fine copy/pasting around opaque strings of
gibberish; but for 'normal' people it just felt too weird. I kind of
wonder with the advent and integration of QR scanners, these scheme
might gain more traction. It'd be worth trialing one of these and
seeing how it goes.
-tom
More information about the liberationtech
mailing list