On Fri, Jan 23, 2015 at 01:05:49PM -1000, Trevor Perrin wrote: > Hi, > > Are we just discussing website login and Web PKI here? > > If there's no direct connection to end-to-end secure messaging, could > people discuss this elsewhere?
If this is about "web" in the sense of not having a proper client application, then I have indeed nothing to contribute. If we think of "website" as some nicely formatted content or (business) transactions between an entity representing an organization and an end-user, then the concepts laid out in end-to-end secure messaging can come into play. Just like a person can have her public key on a QR code, an organization may offer authenticated addressing by means of a advertizing a public key in form of a QR code printed on a brochure or business card. This implies that the system is capable of routing by public key, which is the default in most new generation systems. The same software that provides for end-to-end secure messaging between people can establish a channel between a person and an organization, giving the person the security of speaking to the correct service and leaving it to the user to choose an identified or a pseudonymous "ego" while interacting with the service. I believe this is the foundation necessary to establish all sorts of anonymous or authenticated forms of online business, including the sorts of business logic where the organization only needs to know that it is the same person from last week. Is this a useful contribution / interpretation of the thread? _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
