[hashcash] Re: hashcash v1 questions

Justin Guyett wrote:

I've seen some others, but I don't recall them at the moment.  Aren't
those perfectly adequate to transfer keys in virtually all cases?  They
don't require email-bloating keyblocks either in headers or in the message
body.  If it's absolutely critical that a message be sent via email, why
not use a standard pgp keyblock or define another header in which to place
a base64-encoded key?

I (camram) am trying to build a peer to peer system for identifying someone as someone you have spoken with before. The reason I'm looking for this tool is because camram white lists folks you've spoken with and white lists by name can be forged relatively easily. I need a stronger mechanism to identify someone as familiar. the best tool for this job seems to be public key cryptography but it must be done with no user interface whatsoever. To that end, it looks like propagating keys embedded in messages is probably the best way since it sends keys only to the people you communicate with. It also provides a handy mechanism for stating that you have seen this key with this address some number of times.

Why not use key servers? for all the same reasons that money stamps not work. Centralized infrastructure breaks down and becomes inaccessible for various reasons, scalability issues, and management is subject to corruption. If we are successful, we would be creating and destroying without revocation millions of keys per day.

Before you get your knickers in a twist over this attitudes, remember that all of the "proper procedures" as put forth by pgp/smime enthusiasts have done more to setback to widespread use of cryptography than any political/legislative manipulations by the spook community. What the crypto geeks have forgotten (or maybe never knew) is that human factors wins out over technical features any day.

having said that, there's nothing stopping you or somebody else from putting deep fingers into the crypto engine for all of the key management features necessary to make you comfortable. But I'm not going to stop trying to create a 0 user interface environment using a small fraction of those cryptographic features. alternative perspectives on how to publish these goals this are welcome.


---eric


Other related posts: