[tor-talk] Tor for everyone; introducing Eccentric Authentication

Aymeric Vitte vitteaymeric at gmail.com
Sat Feb 27 11:34:50 UTC 2016


100% OK with Zenaan

Maybe slow too but this model would need another validation step (like
sites' CA verification via an external system, blockchain for example)

Which seems useless, the concept of CA is obsolete, in addition the
future for ID management can't be centralized.

I have evoked the problem already, the web is imposing strange
limitations due to the CA system (for example you can't "downgrade" a
https connection using ws) for entities that can't have valid
certificates, for example a WebRTC peer or a Tor router.

So I believe the right model would be to have a peerID system
management, a peerID can be a peer, a server, a website, so can be
called entityID too, in a decentralized system like a blockchain.

Then instead of CA validation, this system can be used to validate IDs,
for the web and/or between peers, then people can build services on top
of this, like a P2P network inside browsers using the Tor protocol to
exchange data, access sites, etc, and other services on top of this like
messaging, chat, etc

Le 26/02/2016 23:47, Zenaan Harkness a écrit :
> On 2/26/16, Guido Witmond <guido at witmond.nl> wrote:
>> On 02/25/16 01:58, Paul Syverson wrote:
>>> On Thu, Feb 25, 2016 at 12:26:02AM +0100, Guido Witmond wrote:
>>>> I don't want *people* to exchange keys. I envision people to exchange
>>>> names and let computers do the key lookup.
> 
> That's fine but should be achievable with a DHT yes?
> 
>>> The description below sounds a fair amount like Keybase
>>> (https://keybase.io)
>>> Perhaps it would be helpful to contrast your goals with theirs?
>> Both Keybase.io and Eccentric Authentication share the same goal: Crypto
>> for everyone!
>>
>> But there are differences:
>>
>> 1. Technology
>>
>> - Keybase uses PGP, Eccentric uses X509;
>> - Keybase uses the Bitcoin blockchain as trust anchor, Eccentric uses
>> DNSSEC and a separate verification service like Certificate Transparency.
> 
> - separate verification service
> - sub certificates
> - mitm
> 
> This model is fundamentally broken and asking for MITMs.
> Why re-use such a model?
> 
> Why do you say you considered, but discarded, the blockchain as trust anchor?
> 
> 
>> 2. Model
>>
>> - Keybase has a person centric key model:
> 
> Surely that's just an end-user app consideration.
> 
> This seems to be your primary gripe about keybase (from what I can
> tell) - have you discussed this "limitation" with the keybase
> developers/ designers to see if your concept might fit nicely into
> keybase?
> 
> If you have discussed, please refer us with link(s) to such
> discussions - this will be important information for anyone
> considering your "solution".
> 
> If you have not, perhaps you need to have a good hard think about
> whether you are a NIH dope.
> 
> 
>> Even though people can have multiple private keys, these are connected.
>> Each user has 1 identity. That means, every message sent is attributed
>> to the person.
>>
>> In this model, each of the actions strengthens the faith in the relation
>> between the key and the identity.
> 
> Again, please provide links to the discussions you've had with the
> keybase folks about exactly these points you raise, so we can read for
> ourselves, their responses!
> 
> 
>> - Eccentric uses a key model where each user has many keys:
> 
> This should of course also be raised with the keybase folks.
> 
>> Each of those keys is an identity, tied to the site that signed it. Keys
>> cannot be shared between sites. This prevents linking of identities
>> unless the person reveals it. Or if cookies betray him.
> 
> and this
> 
>> In Eccentric, people are advised to use a throwaway identity whenever a
>> site requires an identity. In Keybase, it's much harder to remain
>> anonymous as I expect sites to encourage linking your account to your
>> identity.
> 
> and again
> 
>> 3. Central / Dispersed
>>
>> Keybase uses a central repository for all key/identity announcements.
>> This makes them a single high value target.
> 
> Perhaps keybase needs to be forked due to some fundamental
> limitations? (it is libre source yes? - before this thread, I'd never
> heard of either of these projects...). Perhaps the keybase devs are
> aware of such fundamental "problems"?
> 
>> Eccentric uses a single CA per site. There is no central repository. The
>> risks of compromise are spread out. With some proper use of subkeys, the
>> scary part of key management can be outsourced to a service provider.
> 
> "every site has it's own CA"
> 
> That's a burden upon site operators that will never be "widely"
> achieved - except perhaps the large blogging platform providers,
> facebook etc.
> 
> When a site can use HTTPS, users can create identities on the site,
> and then users can use perfect forward secrecy with throwaway keys for
> "ephemeral" communications, really, what does some new CA per site
> actually provide?
> 
> I'm just not getting the significant value proposition or even
> properly understanding your use case and why most people would bother
> with all your proposed infrastructure.
> 
> Without a significant "value proposition" for the sites, or for the
> users (and implicitly perhaps for the sites as a result of that),
> who's going to bother?
> 
> But then I'm biased - neither do I understand the value proposition of keybase.
> 
> 
>> 4. User Security
>>
>> Keybase provides confidentiality of the message contents but as it uses
>> existing email transport, neglects meta data protection, in fact it
>> gives up meta data protection to gain stronger ties between usernames,
>> keys and identity.
> 
> In other words they've delegated part of meta data protection back to
> the user "you'll have to use a throwaway email account if you want any
> anonymity in your keybase communications".
> 
> 
>> Eccentric offers much stronger protection of meta data and equals
>> protection of message confidentiality.
> 
> So you're building a messaging platform?
> 
> Or building infrastructure which you expect others to build messaging
> platforms on top of?
> 
> 
>> With Eccentric it's harder to
>> assure a certain key belongs to an author of a publication.
> 
> So what value does it provide (sorry, I'm a slow learner).
> 

-- 
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms


More information about the tor-talk mailing list