Threaded Mode | Linear Mode

rev412 · 12-13-2010, 04:37 PM

(12-13-2010 04:10 PM)bug1 Wrote: I was thinking that if you had say a business card (or other printed material) from a bank, they might have a unique identifier printed there (even if it is ugly) alongside the short human friendly name. In this case there is no third party.

I do think trust metrics are a very powerful tool as well.

Essentially you're talking about a PGP fingerprint transmitted out-of-band. Security-wise, it's pretty good. It's going to be difficult for an attacker to insert malicious business cards in the stream (though I bet someone figures a way).

The main problem I've seen with PGP is that it confuses people. The education problem for the vast majority of Internet uses is going to be huge. It's the right answer, in my opinion; I just don't know how to get there.

People like the answer of "let's let DNS do it" because it's easy. The fact that it doesn't actually work appears to be irrelevant for most.

***lauren*** · 12-13-2010, 05:03 PM

Whether we're talking about naming systems, crypto systems (e.g. PGP), or whatever, if they don't operate ubiquitously, automatically, and largely for primary functionality by default, their uptake will always be limited. That's the main reason most email is still being sent around in the clear today. There are ways to encrypt it, but they all take special efforts of one sort or another by users.

It's important that basic functionality in all of these systems at least be as automatic as possible. Added functionalities for "power users" are fine, but the baseline has to be sufficiently high to provide benefits to all users at all levels.

--Lauren--

stewart · 12-13-2010, 05:22 PM

It doesn't seem like an IDONS problem, but off-network transmission of keys and unique identifiers will be needed. Perhaps those business cards can be printed with QR codes on the back. You hold it up to the webcam in your phone or laptop.

Or use the near-field communications stuff in new phones.

***lauren*** · 12-13-2010, 05:47 PM

These are important matters of course, but a bit orthogonal to the initial problem set. Business card QR codes and near-field-capable phones are neat and useful to be sure, but there are more basic matters to dig into first. Also, this thread is starting to get a bit frayed as it lengthens. I'm going to close it now and I'd recommend that we continue these various issues in their own individual new threads. Thanks.