Hello Everyone, I've done my homework and come up with a new description of Eccentric Authentication and what it, I humbly believe, can bring us. I hope it's more clear than my previous ramblings.
It's a big piece at https://www.ecca.wtmnd.nl/explanation.html.

TL;DR: Client certificates have a lot of unused potential. My protocol allows creating client certificates easily and cheaply. That solves the Yet-Another-Account problem. It allows unknown parties to communicate securely and anonymously.

I give the example of a dating site that allows members to communicate private messages without the site being able to read any of it and still preserving the complete anonymity of the site members.

I go further and with the use of DNSSEC and DANE, I can communicate a client certificate over the phone to bootstrap a secure channel.

The hard part is, as some responses in this thread already mentioned, browsers are really not up to it. We need to change the web browser into a User Agent that puts the user's interests first.

With kind regards, Guido Witmond.
