[cryptography] Client certificate crypto with a twist

Guido Witmond guido at wtmnd.nl
Tue Oct 16 10:37:51 EDT 2012


Hello Everyone,

I've done my homework and come up with a new description of Eccentric
Authentication and what it, I humbly believe, can bring us. I hope
it's more clear than my previous ramblings.

It's a big piece at https://www.ecca.wtmnd.nl/explanation.html. 

TL;DR:

Client certificates have a lot of unused potential.

My protocol allows one to create client certificates easily and
cheaply. That solves the Yet-Another-Account problem.

It allows unknown parties to communicate securely and anonymously. I
give the example of a dating site that allows members to communicate
private messages without the site being able to read any of it and still
preserving the complete anonymity of the site members.

I go further and with the use of DNSSEC and DANE, I can communicate a
client certificate over the phone to bootstrap a secure channel.

The hard part is, as some responses in this thread already mentioned,
that browsers are really not up to it. We need to change the web browser
into a User Agent that puts the users' interests first.


With kind regards, 

Guido Witmond.
