Not Your Keys, Not Your Name
Assembly-Event, Day 2, 15:45 - 16:15
This talk will explain the benefits of decentralized protocols which use public keys *directly* as identities, and encourage this approach for newly-designed protocols.

Speaker: F0B74D717CDE8412A3E0D4D5F29AC8080DA8E1E0 (also known as Adam Joseph)

The example familiar to most CCC attendees is Tor onion names. At least 20 other protocols use this strategy as well. This talk will briefly survey those examples and explain the benefits of this approach for autonomy, decentralization, and ability to resist surveillance.

The main alternative to public keys is names controlled by some globally trusted party, such as US-ICANN, the DNSSEC root key, or the browser-vendors' WebPKI appointees. This talk will explain the drawbacks of centralized alternatives.

If a protocol uses public keys as identities, it should allow users to keep their permanent private key offline. Private keys in online "secure elements" are not offline. Because an online device requires a network connection, its physical location cannot be hidden; this means it can be seized or stolen and the keys extracted using a vulnerability like the one recently discovered in all Yubikeys and Infineon TPMs. Only a small number of protocols support offline identity keys. This support cannot be added to a protocol "after the fact"; it must be included from the very beginning. This talk will encourage protocol designers to include this feature from the very beginning, and will give concrete advice ("copy SSH or Tor") on how to do it.

More details can be found here: https://codeberg.org/amjoseph/not-your-keys-not-your-name.
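
One way a protocol can support the offline identity keys described in the abstract is delegation: the name is the identity public key, and that key, used only offline, certifies a short-lived online key. The sketch below is an added example, not code from the talk or from SSH or Tor; the certificate layout, function names and timestamps are constructed for illustration, and it assumes Node.js with its built-in Ed25519 support.

```javascript
// Added illustration: certificate layout and all names are constructed.
const crypto = require("node:crypto");
const SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex"); // Ed25519 SPKI header

const newKeyPair = () => crypto.generateKeyPairSync("ed25519");

// The name is the raw 32-byte identity public key, hex-encoded.
function nameOf(publicKey) {
  return publicKey.export({ type: "spki", format: "der" }).subarray(12).toString("hex");
}
function keyFromName(name) {
  const der = Buffer.concat([SPKI_PREFIX, Buffer.from(name, "hex")]);
  return crypto.createPublicKey({ key: der, format: "der", type: "spki" });
}

// OFFLINE step: the identity key certifies an online key until notAfter (Unix seconds).
function issueCert(identityPrivateKey, onlinePublicKey, notAfter) {
  const body = JSON.stringify({ onlineKey: nameOf(onlinePublicKey), notAfter });
  return { body, sig: crypto.sign(null, Buffer.from(body), identityPrivateKey).toString("hex") };
}

// ONLINE step: only the short-lived key is present on the networked host.
function signMessage(onlinePrivateKey, cert, message) {
  const sig = crypto.sign(null, Buffer.from(message), onlinePrivateKey).toString("hex");
  return { cert, message, sig };
}

// The verifier pins nothing but the name (the identity public key).
function verify(name, signed, now) {
  const { cert, message, sig } = signed;
  const certOk = crypto.verify(null, Buffer.from(cert.body), keyFromName(name), Buffer.from(cert.sig, "hex"));
  if (!certOk) return "bad-cert";
  const { onlineKey, notAfter } = JSON.parse(cert.body);
  if (now > notAfter) return "cert-expired";
  const msgOk = crypto.verify(null, Buffer.from(message), keyFromName(onlineKey), Buffer.from(sig, "hex"));
  return msgOk ? "ok" : "bad-signature";
}

function demo() {
  const identity = newKeyPair(), online = newKeyPair(), thief = newKeyPair();
  const name = nameOf(identity.publicKey);
  const signed = signMessage(online.privateKey, issueCert(identity.privateKey, online.publicKey, 2000), "hello");
  const forged = signMessage(thief.privateKey, issueCert(thief.privateKey, thief.publicKey, 9999), "hello");
  return [verify(name, signed, 1000), verify(name, signed, 3000), verify(name, forged, 1000)];
}
console.log(demo()); // timestamps are constructed values, not real dates
```

If the networked host is seized, only the delegated key is exposed and it stops verifying after `notAfter`; issuing a certificate for a fresh online key leaves the name unchanged.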