[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: my idea of the ideal encryption tool for the masses




-----BEGIN PGP SIGNED MESSAGE-----

 Jiri Baum <[email protected]> wrote in private e-mail:
>
> Apart from that, this kind of thing has been proposed before,
> and (for payment at least) I've read a paper somewhere that
> uses something like this to get off-line anon. e-cash with
> multi-party mistrust. (Ie nobody trusts anybody.)


Yes, even such klooges such as Mondex might be considered a 
variation on my idea.  Ultimately, though, I expect this device 
to become my *only* interface with the Net.  I don't own any 
long-term storage device.  Instead I just rent it over the Net 
and encrypt any long-term data that I consider private.  I do 
any *sensitive* processing on the CPU in my handheld computer, 
but if it's a big job and I don't mind people watching then 
I rent a CPU over the Net to chew on it.


This device is perfectly portable and can be plugged into any 
Net jack in an office or telephone booth, or perhaps it can do 
wireless.  The important point is that no matter where I am 
physically, or what long-term storage device I am using via the 
Net, I have complete crypto security.  (Mod Tempest-
surveillance, physical subversion of my crypto box, etc.)  If it 
were done right I could use this same box for my notepad, wallet, 
e-mail agent, Web browser, game-player, etc. etc. etc.


> (But that requires the bank to trust tamper-proof h/w; if you
> give up anon, as you have, you don't need that because it only
> need resist until Joe can revoke his key - easily enough done
> because the shop needs to have a list of valid ones anyway.
> Alternatively you can keep anon but make clearing on-line, 
> which results in what is usually called a digital wallet.)


Hm.  As often happens in these kinds of discussions, we've 
missed each other because of different semantic conventions or 
something.  My idea does not depend upon tamper-proof hardware 
in the sense that the owner must be prevented from cracking it 
open, but it *does* (as does every conceivable crypto system) 
depend on tamper-prevention in the sense that those antagonistic 
to the owner must be prevented from cracking open his box!


Also I haven't given up anonymity at all.  Oh!  You mean in my
example of Joe paying at the grocery store.  Well he can have a
pseudonymous account at that store if he wants.  There is 
certainly no *necessity* to give up self-identity-control in any 
way.


> > It only does this in response to some kind of
> > authentication-action from Joe himself.  Perhaps he
> > inputs a 4-digit PIN.  (It should be designed so that
> ...
> 
> Fingerprint scan?


I thought about that but I personally wouldn't trust it.  It 
might fail to recognize my fingerprint at an important moment.  
Besides, I hate the thought of a mugger taking my index finger 
also when he takes my wallet...


Regards,

Bryce

signatures follow

      "To strive, to seek, to find and not to yield."  -Tennyson
            <a href="http://www.c2.org/~bryce/Niche.html">

                          [email protected]                </a>


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMNXSW/WZSllhfG25AQEF4AP9GKHbSh5RgROKFclm/fgkpI+FcZjagTo9
SBa7Kdn9sFczdk23u6mHbKufDKFJO5oyri5MOPvU2QZwa9iP3zGjaBKcS6QbSOJ2
c4W71cFVJ+YZw8nnsMGwNmdISl2T0VYjQo/za4D2blZMRGDLdHgcl/E3FfTXxn5K
vBEUglr59Gs=
=ksB+
-----END PGP SIGNATURE-----