Solving the password problem was: Jim Bell's Email crash
Guido Witmond
guido at witmond.nl
Fri Jan 31 05:33:27 PST 2014
On 01/31/14 01:24, jim bell wrote:
> 'Somebody' needs to solve the 'password problem'.
> Maybe this is already a well-discussed matter, and I understand that a
> partial solution includes the use of fingerprint readers, rings, and
> possibly retina-scans.
Plugging my ideas on client certificates once more:
I've come up with a way how to get away from passwords into the realm of
pseudonymous client certificates.
It uses the centralised DNSSEC structure to create decentralised,
zooko-squared names.
Each site signs the client certificates for it's own visitors. People
will acquire as many certificates as people have passwords nowadays.
Each certificate is an independent identity. A user agent takes care of
all these identities and the cryptography involved.
Other benefits: the user agents prevent MitM attacks, making the
spoiled-onions Tor problem a thing of the past.
The subversive part is that no site can prevent any two members from
communicating directly. Imagine two people using their faceboogle-signed
client-certificates to authenticate each other with OTR over XMPP using
PFS.
With DNSSEC, it can be implemented right now. The DNSSEC part might be
replaced with a Namecoin or other central naming system when the need
arises.
I thought cypherpunks might appreciate a design like that, but I could
be mistaken.
Regards, Guido Witmond.
See: http://eccentric-authentication.org.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140131/0b271dff/attachment-0002.sig>
More information about the cypherpunks
mailing list