Solving the password problem was: Jim Bell's Email crash

Guido Witmond guido at witmond.nl
Fri Jan 31 05:33:27 PST 2014


On 01/31/14 01:24, jim bell wrote:

> 'Somebody' needs to solve the 'password problem'.   

> Maybe this is already a well-discussed matter,  and I understand that a
> partial solution includes the use of fingerprint readers, rings, and
> possibly retina-scans. 

Plugging my ideas on client certificates once more:

I've come up with a way to get away from passwords into the realm of
pseudonymous client certificates.

It uses the centralised DNSSEC structure to create decentralised,
zooko-squared names.

Each site signs the client certificates for its own visitors. People
will acquire as many certificates as people have passwords nowadays.
Each certificate is an independent identity. A user agent takes care of
all these identities and the cryptography involved.

Other benefits: the user agents prevent MitM attacks, making the
spoiled-onions Tor problem a thing of the past.

The subversive part is that no site can prevent any two members from
communicating directly. Imagine two people using their faceboogle-signed
client-certificates to authenticate each other with OTR over XMPP using
PFS.

With DNSSEC, it can be implemented right now. The DNSSEC part might be
replaced with a Namecoin or other central naming system when the need
arises.

I thought cypherpunks might appreciate a design like that, but I could
be mistaken.

Regards, Guido Witmond.

See: http://eccentric-authentication.org.

