[cryptography] The Government and Trusted Third Party

James A. Donald jamesd at echeque.com
Sun Sep 18 17:21:25 EDT 2011

On 2011-09-19 2:32 AM, Marsh Ray wrote:
> The entire concept of a "preexisting relationship" adds new state to the
> client endpoint (the web browser). This might seem like a small thing,
> but it really isn't. To the extent a solution built on this
> observation is effective, this state is also security critical.
> Now that we have security critical state in the user's web browser, it
> add a lot of complication to the user interface.

Need to distinguish between relationships, and existing knowledge of an 

A pre-existing relationship is a logon.  Browsers have to explicitly 
support logons with zero knowledge proof.  This requires substantial 
additional user interface, as logon has to be part of the chrome, not 
part of the web page:

There are three cases:

Bob recommends Ann to Carrol, Bob needs to give Carrol an unforgeable 
reference to Ann:  That is a yurl.

Bob knows that Ann is good, wants to make sure he is connecting to the 
same entity as last time.  That a yurl in his bookmarks.

Bob has a relationship with Ann.  That is logon or shibboleth, needs a 
zero knowledge proof to establish a connection.

That seems to cover all the cases, including the case that SSL/PKI was 
designed for:  Identifying the real retailer is a job for yurls, not 
certificates, and a credit card number is a shared secret, a job for 
zero knowledge proof.  Your credit card number is just a low security 
logon with your credit card issuer.

More information about the cryptography mailing list