asciilifeform: you sign with the pubmod and e.
asciilifeform: the one nitpick is that you cannot sign with an fp.
asciilifeform: (recall, it is quite simple to generate the public modulus from it)
asciilifeform: mircea_popescu: what would enemy win if he ~could~ reconstruct the one element he cannot derive from the ciphertext, the userid string ?
mircea_popescu: and importantly, to continue this discussion asciilifeform , enemy can not reconstruct fp on the basis of intercepting your comms to me.
mircea_popescu: and you can check that it is, but only BECAUSE you are you and have them both.
phf: asciilifeform: wouldn't there just be a process to work with primes directly?
mircea_popescu: asciilifeform not manually ; but you will get a notification from me saying "please use 54kh6kl54j3l45 instead of ,mn54,35lkjh4l3 from now on. it's the same modulus".
asciilifeform: sooo if mircea_popescu gets a new userid (say he throws out his polimedia domain because dns is run by hitler) i have to compare the mods manually ?
phf: mircea_popescu: comment needs to be separately signed?
mircea_popescu: phf the only problem is that i want the comment to also be in there.
mircea_popescu: as they say, "save this sort of idea for when your father gives you your part of heavenly kingdom"
phf: well, primes stand on their own, then there's clientside mapping mp -> sexp of primes. anything else can be distributed by any other channel, including "with key", signed by the primes.
asciilifeform: 'this item assures me that it has such-and-such structure.'
asciilifeform: mircea_popescu: if phrased this way, it sounds quite laughable. but this was never the point of selfsig
mircea_popescu: it doesn't come from "this item assures me it is this item"
mircea_popescu: asciilifeform the "selfsig" comes in the form of "i obtained this key of mp from verified channel to mp".that's the sig.
asciilifeform: mircea_popescu: i quite agree. if mircea_popescu wants to distribute his own key without selfsig in the sexpr, he is welcome to.
mircea_popescu: phf they COULD just have made that "Comment" in some serialization and did the fp over it like i propose and been scott free.
phf: mircea_popescu: oh bunch of random shit, first name last name comment date generated random DOS era flags. all the stuff that's been brought up before
asciilifeform: but i do NOT see the win from letting any arbitrary bit of binary garbage pass itself off as a valid rsa key + userid set.
mircea_popescu: asciilifeform if you agree to package it separately, add to that "no automated signing of anything" and you've got my position.
asciilifeform: phf: i have no dispute re packaging the sig separately.
mircea_popescu: phf what meta ? the comment ?
mircea_popescu: this is the problem with socialist solutions : they cap the benefit certainly ; and offer some solution that half works. so you've traded the long tail of the future for the guarantee of current failure.
asciilifeform: well smart money bets that it isn't keygen-side (or it would have valid new sigs.)
mircea_popescu: the fact that the youth is imbecile creates such designs
mircea_popescu: the fact that it appears to breeds idiocy in the youth.
asciilifeform: (sha1 thereof, rather.)
asciilifeform: in gpg it is rsa sig of all the bits in the turd other than itself.
mircea_popescu: find someone to sign for you.
mircea_popescu: the one thing you can't do is - SELF SIG.
mircea_popescu: what the fuck is a "self sig" ?
mircea_popescu: 3) as it's theoretically nonsensical, it feeds a bunch of idiotic yet unconscious expectations in the mind of the user. i am well convinced that the general "i'll pull myself by own breeches" attitude of "creative" people is both due to and resulting in the gpg selfsig
asciilifeform: (yes you can swap out sha1 for 512 in own sigs, but what if i want to sign ACTUAL datum, not hash?)
asciilifeform: well, the way it is done in gpg (rsa sig of sha1) is indeed retarded
mircea_popescu: as it's not actually correctly designed it 1) creates false sense of security ; 2) creates unnecessary byzantinism and "can't pop the hood on this"
mircea_popescu: sure. some classes : as it's unnecessary in the discussed scheme, it 1) adds weakness through requiring unneeded computation ; 2) gives crevice for shitgnomery for no reason (see anvin bs) ; 3) possibly creates weakness through unnecessary computation on key generation
asciilifeform: well selfsig prevented this.
mircea_popescu: though material encrypted to it will still only be readable by me.
mircea_popescu: i want it to work this way though. if you take away my comment from my key and add something about how "miss piggy is the hawtest!!1" it's not, in my view, the same item.
asciilifeform: the 'fp as authenticator' only works if you, as mircea_popescu suggested, hash over the id string.
mircea_popescu: talmud also had this.
mircea_popescu: the first time you encounter them you're in the presence of their owner.
asciilifeform: issue remains with the first time you encounter a modulus/fp set.
mircea_popescu: anyway, fp is "checksum" de facto - if your modulus rotted it will no longer match the fingerprint
mircea_popescu: it's not "the sks server" that is retarded. is the concept of machine-spread rsa key that's retarded ; much in the way of "machine-generated trust", be it embodied in "dao" or "colored coins" or "safe bitbet"
asciilifeform: srsly we're talking 1500+ y.o. tech.
asciilifeform: even talmud had checksums.
asciilifeform: realize that when it is moved from place to place via whatever mechanism, it will rot.
mircea_popescu: machine processes ; people spread/administer. that's rsa key lifecycle.
asciilifeform: magical cable that transmits 0 error ?
mircea_popescu: anything they know works.
asciilifeform: who trade keys using what ?
asciilifeform: who, then, can ?
mircea_popescu: if owner asks "which this" you are not sufficiently connected so as for you to have his key.
asciilifeform: and he asks 'which this'
mircea_popescu: and you ask the owner "is this right"
mircea_popescu: how da fuck did you get the key ?
asciilifeform: having folks 'die and reborn' because they switched email hosts is braindamaged.
mircea_popescu: a) it becomes no longer obvious for enemy whether key is or is not = key he wants to look for.
asciilifeform: selfsig, on other hand, covers whole thing.
mircea_popescu: i am in favour of including the comment. for the following two reasons :
asciilifeform: the e and the N. (in the case of rsa.)
mircea_popescu: the one remaining cowlick is, should fingerprint cover the whole e, N, comment ?
mircea_popescu: asciilifeform i see no problem with this.
asciilifeform: idea is that a fully uncompressed, dearmoured, etc. key will be a sexpr.
mircea_popescu: i dunno, im trying to follow your idea here ?
mircea_popescu: and for the record, base-tmsr=` !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_abcdefghijklmnopqrstuVWXYZ{|}~`
asciilifeform: 'saving bits' belongs at ~that~ layer, not in the crypto format.
asciilifeform: btw if somebody wants to gzip the sexpr and base-whatever it, nobody keeps him.
asciilifeform: where book-length turd specifies how the bigint bits must be stored, etc.
asciilifeform: well ~having~ an 'armourer format' implies the whole bag of shit.
asciilifeform: i.e. the whole fucking rfc4880/2440 business.
asciilifeform: the reason i favour sexpr is that 'magic format fields' are retarded.
shinohai: ;;later tell BingoBoingo http://ix.io/1eUa
asciilifeform: and we will go broke over telegraph time, sending a few moar bits ?
mircea_popescu: because hex takes 2 characters per byte ; whereas this would take ~1.232 characters/byte
asciilifeform: why have the blob code/decode gymnastics at all.
asciilifeform: with the moduli, in, yes, hex
asciilifeform: why not go the next step and have human-readable key.
asciilifeform: lel, not to a lisp programmer!1111
mircea_popescu: ascii 32! through 126 inclusive excepting #96
asciilifeform: and what did 96 ever do to mircea_popescu
mircea_popescu: ascii 36 through 126 inclusive excepting #96
mircea_popescu: asciilifeform ideally tmsr rsa, such as for eulora etc, uses a fp and armored base90 as above. so there!
mircea_popescu: ascii 36 through 126 inclusive (91 elements). much better.
deedbot: https://www.facebook.com/base56gym/ << BASE 56 GYM | Facebook | http://rossduggan.ie/blog/codetry/base-56-integer-encoding-in-php/ << Base-56 Integer Encoding in PHP | Ross Duggan | http://thebaseyouthcentre.co.uk/about-us/base56/ << Base 56 | The Base Youth Centre
mircea_popescu: actually, why the fuck are we even using "base 56", which is braindamaged (no 1 AND no l ? really ?) when we should really be using base-120 or somesuch, ascii-high-byte half.
asciilifeform: 'key id' is a heavy burden to put on a poor old hash.
asciilifeform: mircea_popescu: with a hash that long, you may as well simply display the modulus.
mircea_popescu: yeah this entire "id of rsa key" thing needs a fix. i imagine sha512 of tmsr standard is the only way to go.
asciilifeform: because It Never Happened! And If It Did, We Had It First! And Better! And Hanno Boeck! And Who Were Those Terrorists Again?
asciilifeform: (even now, observe the pains to which the supposed 'luminaries', e.g., the kernel folk, go, to avoid mentioning phuctor)
asciilifeform: it's been a thing, for eons.
asciilifeform: (one of the first phuctor finds)
asciilifeform: phf: recall the faux peter anvin key ?
phf: i suspect that phuctor work has increased attention to gpg both on wrecker and on attacker side. no way that short-id collision would've been a thing without phuctor
asciilifeform: which is where we get the mirrored keys on phuctor.
asciilifeform: sks, lulzily, continues to insist on displaying the short fp.