On 01/31/14 01:24, jim bell wrote:
> 'Somebody' needs to solve the 'password problem'.
> Maybe this is already a well-discussed matter, and I understand that a partial solution includes the use of fingerprint readers, rings, and possibly retina-scans.

Plugging my ideas on client certificates once more: I've come up with a way to get away from passwords into the realm of pseudonymous client certificates. It uses the centralised DNSSEC structure to create decentralised, zooko-squared names.

Each site signs the client certificates for its own visitors. People will acquire as many certificates as people have passwords nowadays. Each certificate is an independent identity. A user agent takes care of all these identities and the cryptography involved.

Other benefits: the user agents prevent MitM attacks, making the spoiled-onions Tor problem a thing of the past. The subversive part is that no site can prevent any two members from communicating directly. Imagine two people using their faceboogle-signed client-certificates to authenticate each other with OTR over XMPP using PFS.

With DNSSEC, it can be implemented right now. The DNSSEC part might be replaced with a Namecoin or other central naming system when the need arises.

I thought cypherpunks might appreciate a design like that, but I could be mistaken.

Regards, Guido Witmond.

See: http://eccentric-authentication.org.