I appreciate the intention, but I see a lot of problems here. Without doing an exhaustive analysis:

A. This doesn't eliminate phishing because users will still enter their credentials at a site that doesn't actually match the one where the cert was previously signed. Otherwise, existing HTTPS controls would already protect them.

B. What zone would contain user keys for DNSSEC?

C. Your message transport protocol seems a little unclear - could you walk through it?

There are more issues here, but at a minimum I feel like it doesn't adequately address a broad enough threat model.

On Tue, Mar 12, 2013 at 4:08 PM, Guido Witmond <[email protected]> wrote:

> Ladies and Gentlemen,
>
>
> I've long disliked the direction the internet headed with regards to
> privacy. Or its total disregard of it.
>
> I've come up with a novel architecture of existing old and recent
> cryptographic tools that offers a substantial improvement in security and
> privacy. I call it Eccentric Authentication.
>
> Unlike the current CA-system that requires people to trust them to gain
> security, my protocol turns that upside down. Security is what the protocol
> provides. Trust is what people gain by using the system.
>
> The protocol is mostly compatible with the current internet as we know it.
> And it prevents most phishing attacks for free.
>
> I have the hope that this protocol can shift the balance of security and
> privacy a bit back towards the people.
>
> I've written a technical description at [1]. I hope it makes things a bit
> clear. Feel free to comment.
>
> With regards. Guido Witmond.
>
> 1: http://witmond.nl/ecca/eccentric-authentication.html
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at [email protected] or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
