[Cryptography] Toxic Combination

Guido Witmond guido at witmond.nl
Fri Dec 5 18:15:25 EST 2014

On 12/05/14 00:40, Abe Singer wrote:

> So, authenticate to your chosen IDP, and get assertions that you can
> hand off to any SP that recognizes your IDP.

How does one get a secure authentication with this IDP? How to signup?
What about strangers that you want offer a secure connection and yet be
able to recognize at later visits. That's why Eccentric uses DNSSEC and

> There are details of course... but it might be easier than developing
> an entirely new protocol that nobody yet supports.

The protocol solves problems that current protocol leave to the end
user: proper authenticating a site.

Quiz: who is the CA of your bank?

With regards, Guido Witmond.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141206/ac4ea090/attachment.sig>

More information about the cryptography mailing list