[cryptography] Client TLS Certificates - why not?

StealthMonger StealthMonger at nym.mixmin.net
Tue Mar 5 13:41:44 EST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeffrey Walton <noloader at gmail.com> writes:

> It's the key distribution problem. It's the cause of all the troubles.

I don't understand.  Please explain.

What's wrong with the following simple idea:

1. p2p: The parties opportunistically verify out-of-band after
exchanging keys via public key servers or (insecure) email.

2. Prospective customer verification of merchant: Merchant includes
the ID of its signing key in every advertisement and repeatedly
admonishes prospects to "Accept No Substitutes".

3.  Merchant authentication of Customer: Merchants don't deal with
people.  They deal with keys.  It's the key that has the purchasing
power, not some person.  Nobody has the illusion that correlation
between key and person is any stronger than that person's security
habits.

4.  Etc.

- -- 


 -- StealthMonger <StealthMonger at nym.mixmin.net>
    Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=source&output=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsuite at nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsuite at nym.mixmin.net?subject=send%20stealthmonger-key

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/>

iEYEARECAAYFAlE2G5kACgkQDkU5rhlDCl5QggCdHIykKqh1NSupIu5/85okO50C
fr0AoK95/a+NHJheC+78w6op8dooFuto
=lSEg
-----END PGP SIGNATURE-----



