On 10/09/13 00:18, Thierry Moreau wrote:
> Guido Witmond wrote:
>> On 09/30/13 19:31, Thierry Moreau wrote:
>>
>>> Perspective: I'm still working towards a working prototype based on
>>> (A) the client PPKP usage paradigm (Public-Private Key Pair)
>>> (B) the first party certification paradigm (get rid of requesting any
>>> client PKI certificate from any CA)
>>> (C) an end-user enrollment scheme that facilitates (B) (and PPKP usage
>>> migration in some respect)
>>
>> I guess, you and I have the same idea!
>>
>> What do you think of my proposed solution: [0]
>>
>> Regards, Guido.
>>
>> 0: http://eccentric-authentication.org/blog
>
> I did look at it when you first made an announcement on this list.
>
> I looked at it very briefly again today.
>
> I am not sure you totally get rid of CAs. You seem to propose a CA for
> pseudonyms, freely available to arrange anonymous secure connections.

Hi Thierry,

I don't use Global CAs at all. Perhaps I need to clarify that point on my site:

Each Local CA, one for each site, signs the server certificate for that site. It also creates a subCA that signs the customers' client certificates. Then store the root CA private key offline.

When visitors sign up, they get a client certificate signed by the subCA.

Whenever a customer visits the site again, their user agent (browser) checks the server certificate to learn the CA and the agent only offers the client certificates that match that server certificate CA.

This protects the user against phishing as the crooks can redirect DNS and DNSSEC (by hacking into the DNS-registrars) but they cannot copy the site's root Certificate. That should live offline on a smart card/HSM.

The user agent cannot offer this protection with Global CA supplied server certificates. There is nothing for the user agent to tie the client accounts to:

Not the server certificate, because that changes every year because the CA wants (more) money.

Not the CA-root because that one is used to sign many site certificates, giving the same problem again of selecting the correct client certificate amongst the many in my browser.

And if the agent ties the client certificate to the domain name of the site, it falls prey to phishers who can use a Diginotar attack. And apparently NSA can do that in real time.

Perhaps I should give the local CA a different name.

Regards, Guido.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
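
The client-certificate selection rule described in the message above, as an added example that is not part of the original post or of the Eccentric Authentication project. It models certificates as plain records with a constructed `key_id` in place of a real public-key fingerprint and assumes the TLS stack has already verified the chain signatures; all names and sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject: str
    key_id: str                      # constructed stand-in for a public-key fingerprint
    issuer: Optional["Cert"] = None  # None marks a self-signed root

def root_key(cert: Cert) -> str:
    """Walk the issuer links up to the self-signed root and return its key id."""
    while cert.issuer is not None:
        cert = cert.issuer
    return cert.key_id

def offer_by_root(server_cert: Cert, wallet: list) -> list:
    """Binding from the message: offer only client certs under the server's root."""
    site_root = root_key(server_cert)
    return [c for c in wallet if root_key(c) == site_root]

def offer_by_domain(hostname: str, wallet_by_domain: dict) -> list:
    """Weaker binding the message warns about: keyed on the DNS name alone."""
    return wallet_by_domain.get(hostname, [])

# Constructed sample data: one site with its own local CA, a second site, and a
# server certificate for the same host name issued under an unrelated global CA.
shop_root = Cert("shop.example Local CA", "key:shop-root")
shop_sub = Cert("shop.example client subCA", "key:shop-sub", shop_root)
shop_server = Cert("shop.example", "key:shop-srv-2013", shop_root)
shop_renewed = Cert("shop.example", "key:shop-srv-2014", shop_root)
alice = Cert("alice", "key:alice", shop_sub)

forum_root = Cert("forum.example Local CA", "key:forum-root")
forum_sub = Cert("forum.example client subCA", "key:forum-sub", forum_root)
anon42 = Cert("anon42", "key:anon42", forum_sub)

global_ca = Cert("Some Global CA", "key:global-root")
lookalike = Cert("shop.example", "key:other-srv", global_ca)

wallet = [alice, anon42]
wallet_by_domain = {"shop.example": [alice], "forum.example": [anon42]}

if __name__ == "__main__":
    for name, srv in [("genuine", shop_server), ("renewed", shop_renewed),
                      ("lookalike", lookalike)]:
        print(name, [c.subject for c in offer_by_root(srv, wallet)],
              [c.subject for c in offer_by_domain(srv.subject, wallet_by_domain)])
```

Binding to the root survives the yearly server-certificate renewal and offers nothing to a server whose chain ends at a different root, while the domain-keyed lookup offers the account to any server presenting that host name.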