Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys
2014-03-15 16:41:02
On 03/15/2014 04:40 PM, Nicholas Cole wrote:
On Sat, Mar 15, 2014 at 8:33 PM, Nicholas Cole
<nicholas(_dot_)cole(_at_)gmail(_dot_)com> wrote:
On Saturday, 15 March 2014, Jon Callas <jon(_at_)callas(_dot_)org> wrote:
Now on the other hand, ages ago, we discussed ring signatures, and a use
case that I wanted to do was to make it so that whenever Alice sends Bob a
signed email or other casual message, she would (could?) sign it with a ring
signature of her key and Bob's. Bob knows that he didn't sign it so he knows
that Alice did.
Of course, it's one of those things that are cool, and yet it's hard to
say what it actually does to improve anything.
It also breaks the metaphor of a 'signature' too: the signatures we
currently have work in a very similar way to the ideal real-world signature.
This type of signature doesn't: it is a signature only specific people can
verify, or rather, a signature that could have been made by any one of a
number of people. The problem might then become proving you were *not* the
person who made it, rather than the person who did, and proving a negative
is impossible. I think for that reason I'm not sure would welcome it being
added to gpg. "Yes, that is a signature that I could have made, but I
didn't" is not an easy position...
And thinking about it even further, it compounds a problem that
someone (was it you, Jon?) has written about in the past. Even though
we all know that key UIDs can be signed by complete strangers, users
are *often* disconcerted by this fact (which is why there is a
no-modifier flag, even if keyservers have never respected it and even
if it would make the use of OpenPGP even more complicated). Still, a
naive user of an OpenPGP program may draw incorrect inferences about
social relationships from UID signatures. Imagine the outcry of users
if they discovered that documents were in the wild that 'might' have
been signed by them...
N.
This reminds me that I used the name "signer-ambiguous signature" in
some of the early drafts of my proposal. This name concisely describes
the most important property of ring signatures. Now that I think about
it, that is a much better name than "ring signature" for implementations
to present to their end users.
"Signer-ambiguity" was coined by Rivest et al. to describe ring
signatures in their seminal paper in 2001, so it's well-connected to the
concept of ring signatures in the literature.
Unless there are severe objections, I will modify the proposal to use
the phrase "signer-ambiguous signature" to refer generally to the
signatures produced by the scheme, and use "ring signature" only as
technical term for the specific scheme that was chosen to provide
signer-ambiguity.
Vincent
signature.asc
Description: OpenPGP digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [openpgp] Non-SHA-1 fingerprints in signatures [was: Proposal for a separable ring signature scheme...], (continued)
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Werner Koch
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Vincent Yu
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Daniel Kahn Gillmor
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Vincent Yu
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Daniel Kahn Gillmor
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Vincent Yu
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Jon Callas
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Nicholas Cole
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Nicholas Cole
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys,
Vincent Yu <=
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Nicholas Cole
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Vincent Yu
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Nicholas Cole
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Jon Callas
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, vedaal
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Falcon Darkstar Momot
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, ianG
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Werner Koch
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Daniel Kahn Gillmor
- Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Werner Koch
|
Previous by Date: |
Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Nicholas Cole |
Next by Date: |
Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Nicholas Cole |
Previous by Thread: |
Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Nicholas Cole |
Next by Thread: |
Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys, Nicholas Cole |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|