
Isn't that a bit like Opportunistic Encryption (which I happen to consider a neat idea)? Or do I misunderstand that?

I'm asking, because I dimly remember you not being a fan of OE -- have I confused you with someone else there?




I'm not sure how TACK is similar to OE. OE is encryption without meaningful authentication. It's an open invitation to MITM. I'm definitely not a fan.


I think the comparison is that you don't meaningfully authenticate the first connection.

This is wrong, though: although new users will, in fact, be temporarily MITMed, all returning users will see a big scary warning page that will cause them to (perhaps automatically) report the problem to their browser vendor. Google/Mozilla will promptly drop the offending URL into the malware-sites list, and the new users will thereby be rescued as well.


That's true, and also, those first connections are authenticated (they're just not authenticated perfectly). There's a difference between weak authentication and no authentication, as aggravating as it is to point out.


What do you mean by perfect authentication?

We're talking about referring to Telehash's approach as "ubiquitous encryption" with "self-consistent authentication" but nobody seems to agree on what authenticating an identity means in the first place.

Pinning encryption to addressing solves those problems at a lower layer, and leaves phishing attacks to be solved separately. I don't know that anything I'd call "perfect authentication" can be solved within the X.509 framework.


Could you elaborate on what you mean by "pinning encryption to addressing"? Do you mean DNSSEC? Doesn't that suffer from the same third party trust problem as any other PKI-based system?


Public key cryptography doesn't require X.509's third party trust model, but as the author of the article points out, PGP key exchange is not quite as simple as just trusting the CAs your browser vendor decided you should trust.

Telehash is taking an approach that completely sidesteps the problem of human-memorable names, though. It uses the public key fingerprint as the "network address" of a node in a DHT. The Telehash address is globally routable, like an IP address, but there is no MITM possible, because only a node with the private key generating the address (fingerprint) can communicate at all using that address.

There is still the problem that humans don't want to type in an IP address, let alone remember something as unwieldy as 9ba9c175c3c26af9df5c8163ea91d4ae4eca59ba95d66deb287c89ea0c596979. But deciding whether to trust that key is distinct from verifying that data is signed with the same fingerprint.
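The check described in the comment above, sketched as an added example that is not part of the thread and is not Telehash's own code: a verifier accepts a peer only if the presented public key hashes to the address it dialled and the peer signs a fresh nonce with the matching private key. Assumptions: the address is the hex SHA-256 of the public key bytes, and a Lamport one-time signature stands in for whatever signature scheme a real deployment uses, so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 pairs of random secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = b"".join(H(a) + H(b) for a, b in sk)
    return sk, pk

def address(pk):
    # Assumption: address = hex SHA-256 fingerprint of the public key bytes.
    return hashlib.sha256(pk).hexdigest()

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. A Lamport key must sign only once.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify_peer(addr, pk, challenge, sig):
    # Step 1: the presented key must hash to the address we dialled.
    if not hmac.compare_digest(address(pk), addr):
        return False
    # Step 2: the peer must prove possession of the matching private key.
    if len(pk) != 256 * 64 or len(sig) != 256:
        return False
    for i, b in enumerate(bits(challenge)):
        off = i * 64 + b * 32
        if not hmac.compare_digest(H(sig[i]), pk[off:off + 32]):
            return False
    return True

def demo():
    sk, pk = keygen()                      # constructed key for the honest node
    addr = address(pk)
    nonce = secrets.token_bytes(32)        # fresh challenge from the verifier
    honest = verify_peer(addr, pk, nonce, sign(sk, nonce))
    msk, mpk = keygen()                    # constructed key for an interceptor
    swapped = verify_peer(addr, mpk, nonce, sign(msk, nonce))  # own key: wrong fingerprint
    relayed = verify_peer(addr, pk, nonce, sign(msk, nonce))   # real key: cannot sign
    return honest, swapped, relayed
```

This shows only that the key matches the address; whether the address belongs to the party the user intended is the separate trust decision the comment mentions.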


For a simpler model, if you don't want to wade into consistent hashing and DHTs, there's also IPv6 Cryptographically-Generated Addresses[1].

[1] http://en.wikipedia.org/wiki/Cryptographically_Generated_Add...


Yeah, that's what I meant (and couldn't properly articulate).

So the difference is the reporting mechanism, that allows a powerful organisation to make meaningful threats to protect others?

Because in [Garfinkel 2003] it's similar: returning users get a big, fat warning, but they can't meaningfully do anything about it on their own, except not trust the other side.

(http://simson.net/clips/academic/2003.DGO.GarfinkelCrypto.pd...)



