[LINK] Public keyrings for Joe Blow in AU?

Karl Auer kauer at biplane.com.au
Mon Nov 8 16:53:21 AEDT 2021 

On Mon, 2021-11-08 at 13:17 +1100, David wrote:
> I'd like to canvass the Link Institute's views on the best source of
> generally recognised, well authenticated, and cryptographically
> secure keys for private citizens of this Wide Brown Land.

As soon as you do this, people from all over the country suddenly start
wanting One Big Centralised Impregnable Identity Database, so be
careful what you wish for.

If I may make so bold, any system should have these characteristics
(banks used as a canonical example only):

1: Client keys are generated by the client - not any centralised body.
If a centralised and trusted body were to distribute a nice simple tool
for generating keys that would be good. The client supplies their keys
in an authenticated transaction, such as at a bank branch, or while
logged in to their Internet banking website. Note: The website does not
generate the keys!

2: The client is responsible for the safety of their private key. There
are a dozens of suitable well-tested wallets to store such things in.

3: The client is responsible for encrypting things. Again - a nice
simple tool for doing so from a trusted source would an be excellent
thing.

4(a): The bank's public key is, well, public. People are advised to
download it only ever from a trusted source. Things not encrypted with
this key are simply rejected. Including if they are not encrypted at
all.

4(b): Alternatively, the bank supplies a different public key to each
and every customer. They can be sent sent securely using the customers'
public keys, or downloaded from the Internet banking website. This
limits the blast radius of a breached key to that one customer.

5: Encrypted things can now be sent hither and yon completely securely.

6: All client-side tools are FOSS.

I.e., totally decentralised. A breach of any client's private key
affects only that client. If 4(b) is implemented, even a breach of the
bank's private key affects only one customer. AND the key itself
absolutely identifies the customer concerned when investigating a
breach. Obviously the store of keys is something that has to be
protected, but that is just as true of a single private key as of a
million.

HOWEVER: With properly developed and controlled websites, people should
be able to just upload and download stuff from the bank's website,
secured via SSL and their Internet banking login. The bank just has to
make sure that it does not actually STORE anything on the website.

And I've just realised that you said "keyring" and that I may not know
exactly what you mean :-) But in the Grand Tradition Of The Internet,
missing your point is in no way going to stop me posting this :-)

> So is our Wide Brown Government going to blunder into the 21st
> century with FAX as the most secure option open to private citizens?

Hey, don't diss fax!

>From https://biplane.com.au/blog/?p=530

"Fax is point-to-point. It’s difficult to intercept except at the
endpoints, interception between the endpoints takes a lot of
specialised knowledge, and no endpoint is a honeypot. The medium is not
inherently copyable. Interception at the endpoint takes a significant
amount of time and requires the physical presence of an attacker. Any
attacker would be able to access relatively few records. Access would
be expensive and slow with very high risk of discovery (unless the
attacker was on staff in which case all communication methods would be
equally compromised), while for the legitimate user the rate of access
is easily sufficient. So fax is actually not a bad means of
transferring private data as long as the fax machines are not located
in public spaces."

Like our electoral system, fax is "good enough". It is in fact largely
because it's NOT easily copyable that people moved away from fax. They
like their digitised documents to be more easily digestible.

Regards, k.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer

GPG fingerprint: 61A0 99A9 8823 3A75 871E 5D90 BADB B237 260C 9C58
Old fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170

More information about the Link mailing list