-- James A. Donald:
Suppose the e-gold, to prevent this sea of spam trying to get people to login to fake e-gold sites, wanted people to use public keys instead of shared secrets, making your secret key the instrument that controls the account instead of your shared password.
They could not do this using the standard IE webbrowser. They would have to get users to download a custom client, or at least, like hushmail, a custom control inside IE.
Anonymous
Why do you say that? You were already given pointers to how they could configure their web servers to use certificate based client authentication.
That is a solution to a completely different problem. Using that method the administrator would have to set up each client, which is impractically expensive and inconvenient unless administrator and customer meet personally and their computers are in the same office. The point is that the customer should be able to set himself up, as he does on e-gold, hotmail, hushmail, etc, and that if subsequently he is fooled into logging on to a fake site this should do no harm. James A. Donald:
HTTPS assumes that the certificate shall be blessed by the administrator out of band, and has no mechanism for using a private key to establish that a user is simply the same user as last time.
Anonymous
HTTPS is just HTTP over SSL/TLS. It says nothing about the trust model for the certificates; it merely specifies how each side can deliver its cert(s) to the other side. Deciding which ones to trust is out of scope for TLS or HTTPS.
You cannot use https to implement the trust model that hotmail and everyone else uses. In that sense it does say something about the trust model. It assumes they are subject to hierarchical validation, which e-gold passwords and hotmail passwords are not. hotmail passwords merely show it is the same guy logging in. You cannot use https to do this. It is designed to show it is the guy blessed by the administrator logging in.
E-Gold could set things up to allow its customers to authenticate with certs issued by Verisign, or with considerably more work it could even issue certs itself that could be used for customer authentication. Why doesn't it do so?
Because that is not the trust model they or hotmail want to implement. They don't want true names, and they do not want, and cannot afford, the very great overheads associated with true names. To implement the desired trust model, the client browser would need to generate the private key during account creation. E-gold would then record the corresponding public key. You cannot do that with existing client software. They do not want to turn their business model upside down to support verisign's profit model. The problem is to implement the existing model in a way that protects against the man in the middle attack represented by this storm of fake sites. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG OPeQMye27fygWs3rNrP88mXXiOYU+xcVrAyLlBjO 4+rppNlgtCDm9YfF1Wiqe//vrDa3kdlXpzatLpbhm --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com