On Sun, Jan 26, 2014 at 9:44 AM, Guido Witmond <[email protected]> wrote:

> ... Although NULL encryption is a problem, I expect that most
> crypto-toolkit developers will disable these in their default
> configuration... There is nothing in eccentric authentication that specifies one
> branch of public key mathematics over another. I deliberately leave the
> choice of either RSA, EC, or others out. As I'm not a cryptographer, I
> can't make that decision. I do specify what I expect the protocol needs
> to accomplish. It's up to the experts to match the appropriate parts. My
> prototype used RSA/TLS/DNSSEC

fair enough; my position is that this is insufficient and passes the buck. many don't agree.

said another way: security is everyone's responsibility! everyone should encourage and enforce strong defaults, strong suites, and accept no less. (i pay bribes in bitcoin to adopt this position ;)

> In fact, with a proper setup, the Root certificate's private key for the
> site does not live at the server; for signing, it uses a subRoot.

this is better; although perhaps more cumbersome key-management-wise. good key management is always cumbersome, it seems!

> Now when the site gets hacked, the hackers can create more accounts for
> themselves or invalidate other people's accounts. But the attackers can
> never impersonate any of the site's user accounts at other sites, as
> these use their own signing key. I believe it is more safe than hashing
> passwords.

absolutely better than storing hashed passwords. how many people generate long, random, unique passwords for every site?

> The eccentric-protocol can use other global unique naming schemes. The
> requirements are: easy and cheap enough so every website can get a
> unique and human memorize-able name. Namecoin might fit the
> requirements, or GNS (GnuNet).

GNet NS is locally scoped to each peer as of my understanding, so not quite a strong global unique naming scheme. i do believe on further reading that Namecoin would work, and am looking at this further...

thanks for the responses and clarifications!

best regards,
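The per-site signing key discussed above (each site signs its users' certificates with its own subRoot, so a compromised site cannot mint credentials another site will accept), as an added Go example that is not part of this thread or of the eccentric authentication prototype. It uses only the Go standard library; the `site` type, its methods and the site names are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// site is one website's own signing CA, the "subRoot" of the thread (a constructed example type).
type site struct {
	key  ed25519.PrivateKey
	cert *x509.Certificate
}

// newSite creates a fresh self-signed CA so that each site signs its users' certificates with its own key.
func newSite(name string) (*site, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	return &site{key, cert}, err
}

// issueClientCert signs a user's public key with this site's subRoot; no other site's key is involved.
func (s *site) issueClientCert(user string, pub ed25519.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: user},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, s.cert, pub, s.key)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// accepts reports whether this site's verifier can chain the client certificate to its own subRoot.
func (s *site) accepts(c *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(s.cert)
	_, err := c.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
```

A certificate issued by site A's subRoot is accepted by A and rejected by B, which is the property that limits the damage of a single site compromise.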
