From: Nick Jennings
Subject: Re: [GNU/consensus] Introducing Eccentric Authentication
Date: Sun, 2 Jun 2013 02:12:23 +0200
Hello all,
At the invitation of Hellekin, I'll post an introduction on Eccentric Authentication [1,2] to this place.
In short: Eccentric Authentication is a protocol and software suite to deploy client certificates for authentication and communication.
TL;DR:
Instead of requiring trust in a third party CA, Ecca puts the CA in the hands of the web site operator. It signs certificates only for his customers. A First Party CA.
This gives many benefits:
- This eliminates passwords and email addresses, providing more privacy to the sites' visitors.
- It can be used to encrypt and sign messages to other visitors at the site, where the cryptography is done on the client's computer. (plug in)
People are expected to create many accounts at many sites. Each certificate is effectively an identity. Albeit, the site owner knows nothing about the real identity of the person unless she divulges more private data.
There are more things to achieve:
- With the website's TLS keys signed by the same First Party CA, it allows user agents to recognise a site even when its domain name has been revoked by some judge or government.
- With separation of identities and message delivery addresses, we can create anonymous email.
- With DNSSEC/DANE in the mix, we can square Zooko's Triangle and have unique, human readable public identities. We can exchange public keys by naming an identity at a site.
With Regards, Guido Witmond
[1] http://eccentric-authentication.org/eccentric-authentication/introduction.html
[2] http://eccentric-authentication.org/blog/