[tor-talk] x.509 for hidden services
James A. Donald
jamesd at echeque.com
Sun Oct 27 17:07:17 PDT 2013

x.509 is intended to associate a non-human-readable public key with a
human readable globally unique user name.

You hope to associate a reputation with that globally unique user name.

x.509 does not actually work, as the phishers routinely demonstrate.
People are used to logging into their bank, and getting slung from one
certificate to the next, none of the certificates having much
resemblance to the name of their bank.

Further, the process of getting and installing an x.509 public key is
too horrid for the ordinary end user to deal with.

Use Zooko's triangle. Associate reputation with a public key, and
present to the user not the public key, but the account of the owner of
that public key on the reputation server that curates the reputational
information.