-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 http://www.cs.ru.nl/~jhh/ubikima.html
UbiKiMa is a system that proposes to replace password authentication on the Web with an out-of-band cryptographic authentication using a smartphone app. I didn't read the paper, just got curious about it as its author will be present at the 30c3, with a talk that is likely to be more interesting than this: https://events.ccc.de/congress/2013/Fahrplan/events/5214.html Just so my first impression is recorded: as I do not trust smartphones to deliver any kind of security for its bearer, due to a large number of documented flaws (insecure protocols, built-in surveillance and tracking, OS and hardware design flaws / proprietary backdoors, etc.), I don't see myself granting such a device the key(s) to my online activity. The IRMA concept, on the other hand, appears to be rich of potentialities: "Attribute Based Credentials in Practice" is likely to dim local-instantaneous surveillance capabilities, as it would avoid giving full identity when only e.g., your age is required by law. Such an approach would as well be better implemented on credentials delegation on the Web: when I want to post a comment to a blog article, and I am offered to sign in with Twitter in order to do that, I cannot accept giving the comment application read access to my contact list, and read-write access to my timeline. I'm willing to post a comment to a blog article! Stay away from my Twitter feed! Disqus: you suck. Merry HacksMess == hk -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCgAGBQJSuPvXAAoJEEgGw2P8GJg92zAP/0FZ2U9oOZxMa3XbT8DKnePx Ez1hhrlciJcudxPKhAjnQPoHN5JY7s4caLPsge5lB2KNC/sQQWmgBjawyEqOIbsN 4PWESqx6Y2vIInrAa9W2QWLOYbAJERFkyPMl/RQ0IMVQarthMWcmk8/NBF80OS6e SNmoheXSVfGQTk1CqIJtsJcH5AmqroVfOoCq2N2CGtbbFKQBm3UW7XZG04XetLO2 nAo13QSU62ldvKe8Ob+fCHS6YG95vqIwQI9ge8dmiP8yVzrUxjMYzb8tbid0e+t8 KX6mpk5K3IoMjzszZkbJSYBn1Eas3ttbsE0ORxwkvem+pTLwYVRZUM68J6YfazmW v2Lh8Ug7clWetI/EzuGME7+RHq+DXAKfy5zXfar6cqIoIxK3GbioJso8eMSxIJF6 ryB7lTBdPv1ZVQCQ8Y0y63MfCO2M6c5CzzL7R2fxu41b1QJeEY62LBOHc+LFN6FR DDeJhpzCUmrqibL7teJJKSVOw6JNKBIFWPfEsEXUO/C38dfuAjHQYxGI/pp9RDGn 33yuqYZmkm4+dXL6qO10RfmgkFZbAh2oyK+dO88iaLRsplarDZw6nrpgWNfKX4ZB 3UVNfUhV6ffO7Zii0lV8BYvyoprI6E/0G+E4qjLO7+L3b9XTVGhzmjKazFpQG4Ft s61v3c0X4Wzj927hRj4s =cHs9 -----END PGP SIGNATURE-----
