[cryptography] Client certificate crypto with a twist
guido at wtmnd.nl
Tue Oct 16 10:37:51 EDT 2012
I've done my homework and come up with a new description of Eccentric
Authentication and what it, I humbly believe, can bring us. I hope
it's more clear than my previous ramblings.
It's a big piece at https://www.ecca.wtmnd.nl/explanation.html.
Client certificates have a lot of unused potential.
My protocol allows creating client certificates easily and
cheaply. That solves the Yet-Another-Account problem.
It allows unknown parties to communicate securely and anonymously. I
give the example of a dating site that allows members to communicate
private messages without the site being able to read any of it and still
preserving the complete anonymity of the site members.
I go further and with the use of DNSSEC and DANE, I can communicate a
client certificate over the phone to bootstrap a secure channel.
The hard part is, as some responses in this thread already mentioned,
browsers are really not up to it. We need to change the web browser
into a User Agent that puts the user's interests first.
With kind regards,