[cryptography] Client TLS Certificates - why not?
StealthMonger at nym.mixmin.net
Tue Mar 5 13:41:44 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Jeffrey Walton <noloader at gmail.com> writes:
> Its the key distribution problem. Its the cause of all the troubles.
I don't understand. Please explain.
What's wrong with the following simple idea:
1. p2p: The parties opportunistically verify out-of-band after
exchanging keys via public key servers or (insecure) email.
2. Prospective customer verification of merchant: Merchant includes
the ID of its signing key in every advertisement and repeatedly
admonishes prospects to "Accept No Substitutes".
3. Merchant authentication of Customer: Merchants don't deal with
people. They deal with keys. It's the key that has the purchasing
power, not some person. Nobody has the illusion that correlation
between key and person is any stronger than that person's security
-- StealthMonger <StealthMonger at nym.mixmin.net>
Long, random latency is part of the price of Internet anonymity.
anonget: Is this anonymous browsing, or what?
stealthmail: Hide whether you're doing email, or when, or with whom.
mailto:stealthsuite at nym.mixmin.net?subject=send%20index.html
Key: mailto:stealthsuite at nym.mixmin.net?subject=send%20stealthmonger-key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/>
-----END PGP SIGNATURE-----
More information about the cryptography