On Sun, Jan 26, 2014 at 9:44 AM, Guido Witmond <guido@witmond.nl> wrote:
> ... Although NULL encryption is a problem, I expect that most crypto-toolkit developers will disable these in their default configuration... There is nothing in eccentric authentication that specifies one branch of public key mathematics over another. I deliberately leave the choice of either RSA, EC, or others out. As I'm not a cryptographer, I can't make that decision. I do specify what I expect the protocol needs to accomplish. It's up to the experts to match the appropriate parts. My prototype used RSA/TLS/DNSSEC.
fair enough; my position is that this is insufficient and passes the buck. many don't agree. said another way: security is everyone's responsibility! everyone should encourage and enforce strong defaults and strong suites, and accept no less. (i pay bribes in bitcoin to adopt this position ;)
> In fact, with a proper setup, the Root certificate's private key for the site does not live at the server; for signing, it uses a subRoot.
this is better, although perhaps more cumbersome key-management-wise. good key management is always cumbersome, it seems!
> Now when the site gets hacked, the hackers can create more accounts for themselves or invalidate other people's accounts. But the attackers can never impersonate any of the site's user accounts at other sites, as these use their own signing key. I believe it is safer than hashing passwords.
absolutely better than storing hashed passwords. how many people generate long, random, unique passwords for every site?
> The eccentric protocol can use other globally unique naming schemes. The requirements are: easy and cheap enough that every website can get a unique and human-memorizable name. Namecoin might fit the requirements, or GNS (GnuNet).
GNet NS is locally scoped to each peer, as far as I understand, so not quite a strong globally unique naming scheme. i do believe on further reading that Namecoin would work, and am looking at this further... thanks for the responses and clarifications! best regards,