[Standards-JIG] Re: The Great Encryption Debate

David Chisnall theraven at sucs.org
Tue Aug 9 15:18:38 UTC 2005


On 9 Aug 2005, at 14:59, Ian Paterson wrote:

> Unfortunately Bob and Alice have to disclose part of their rosters to
> eachother.

To clarify:
This isn't really a problem, since in the method I proposed only  
requires that they exchange hashes (something like MD5 or SHA) of  
each JID.  There is no way of getting the JID back from the hash, so  
there is no way of using this to discover even the partial contents  
of someone's roster unless you have a mutual acquaintance.

Since writing this, I have become familiar with the web of trust  
concept employed by CAcert.  This allows individuals to assure  
others, which might be a slightly better model.  I would have to a  
bandwidth analysis of this, but it might be feasible to have a scheme  
where:

1) Alice want to establish a trust-relationship with Bob
2) Alice sends the hash of Bob's JID to everyone she already trusts  
(via an encrypted session).
3) If they do not trust Bob, they repeat the procedure with everyone  
they trust (up to a specified TTL).
4) Once a trusted intermediary, Charlie, has been found (i.e. someone  
who has a trust-path between both Alice and Bob), they sign Alice and  
Bob's pubic keys and send them on (via other trusted intermediaries  
if required, each of whom adds a signature).
5) Alice and Bob now have copies of each others public keys and can  
be used as intermediaries in the web of trust.

Alice and Bob can ask other mutual acquaintances to sign their keys,  
giving a greater trust-score to each other. The trust score should be  
inversely proportional to distance between people and proportional to  
the number of trusted paths between individuals.

I came up with an idea similar to this a year or so ago, but having  
seen how well it works with CAcert I am more inclined to propose it  
as a solution for Jabber.




More information about the Standards mailing list