a subversive idea

In the previous blog The Holy Grail of Cryptography,
we’ve shown how you can validate keys when you know the person. Once
validated, that key enables the use of the secure channel.

We’ve also shown how we can create a web site that lets total
strangers communicate securely between each other. The web site acts
as introducer, letting strangers exchange keys and provides the transport
for the messages.

Separate identity from transport

Philosphically speaking, the secure channel is an abstract channel.

The secure channel is an abstract channel. It comes into existence at
the moment the public keys become validated to belong to the other person.

The channel is not tied to a single transport mechanism. Although you
need a concrete transport to use the channel, it is not tied to that
channel. The channel can be manifest in severel different forms.

The first form is the channel that the web site offers. It offers to
transmit a message from one to the other. The sender encrypts the
message with the public key of the recipient so the site cannot learn
of the contents of the message. It can only forward the message to the
recipient. We are going to use that channel to create another one.

A dating site

Suppose we run a dating site. Bob has seen Alice’s profile and they
have sent some private messages back and forth via the site. Bob
decides he wants to take it a step further and wants to talk to
her. He opens a ZRTP-listener on his own computer. It’s a protocol for
encrypted (confidential) voice and video chat. He does three things:

  1. He configures it that it only accepts connections that are
    identified with the certificate of Alice. Thus, only Alice can call,
    all others are rejected.

  2. He configures it with his dating-site certificate and private key,
    so Alice can verify it’s that Bob from our dating site.

  3. He sends Alice an encrypted message through the dating site in
    which he specifies the ZRTP-endpoint, inviting her to place the call.

Then he waits until Alice places the call. (If she decides to do so).
When he receives a call, it can only be Alice as she’s the only one
with the private key that matches her certificate.

Now they can talk in private. Not even the dating site learns that
they are calling. The site is not involved anymore. The call goes
direct from Alice’s computer to Bobs’..

What we have done here is to use the dating site as introducer between
two strangers so they can exchange public keys without ever having met

All it takes is a public forum, a dating site, blog site or a comments
section at a newspaper to introduce strangers to each other so they can
communicate privately via different concrete channels.

A single message is all it takes

A single message is all it takes to create a new secure channel when
you have an existing secure channel.

Suppose the dating site went broke just before Bob wanted to invite
Alice for his call. The concrete transport that they’ve used so far is
gone. Bob doesn’t have to despair. The abstract channel is still in
place as both still have each others public keys.

All Bob needs to do is to try to create a new concrete channel by
getting the invitation across to Alice. Most likely there will be
some blogging sites that write about the demise of this dating
site. Bob can write a public comment at that blog that reads:

 Dear Alice, I would love to get in contact with you. 
 Please call me at <endpoint>, you can recognize me 
 by my certificate.

 In anticipation, Bob
 <signed with Bob's dating site-certificate>

He then plasters this message everywhere he expects her to see it. (It
helps Bob a lot if they’ve talked about hobbies and such.) When Alice
eventually finds the message, she sees that the signature is from the
same Bob as the one on the dating site. If she wants, she can place
the call.

What happened is that — at the moment Alice has verified the signature on
Bobs public announcement — the secure channel manifested itself.

The power of client certificates

The real power of client certificates is that they don’t get
invalidated when the website and its CA disappear. You may lose a
concrete channel but when you have enough independent other
channels, you won’t lose contact.

The Eccentric protocol makes it easy to create these introducers, so
there is not a single identity to block.

The rest of this web site is devoted to make this dream come true.