[cryptography] Allergy for client certificates

Thierry Moreau thierry.moreau at connotech.com
Tue Oct 8 18:18:06 EDT 2013


Guido Witmond wrote:
> On 09/30/13 19:31, Thierry Moreau wrote:
> 
>> Perspective: I'm still working towards a working prototype based on
>> (A) the client PPKP usage paradigm (Public-Private Key Pair)
>> (B) the first party certification paradigm (get rid of requesting any
>> client PKI certificate from any CA)
>> (C) an end-user enrollment scheme that facilitates (B) (and PPKP usage
>> migration in some respect)
> 
> I guess you and I have the same idea!
> 
> What do you think of my proposed solution: [0]
> 
> Regards, Guido.
> 
> 0: http://eccentric-authentication.org/blog

I did look at it when you first made an announcement on this list.

I looked at it very briefly again today.

I am not sure you totally get rid of CAs. You seem to propose a CA for 
pseudonyms, freely available to arrange anonymous secure connections.

I don't have any particular opinion; I'm working on something different 
where a service provider adopts the "first party certification paradigm" 
for real user identities (or pseudonyms where the pseudonym owner can 
enroll a new PPKP public counterpart after grabbing the pseudonym).

Good luck with your client certificate experiments and best regards,

-- 
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691

