[Cryptography] Help please, considering design of personal CA for PPE
Phillip Hallam-Baker
phill at hallambaker.com
Thu Jun 19 08:27:18 EDT 2014
On Wed, Jun 18, 2014 at 4:10 PM, Guido Witmond <guido at witmond.nl> wrote:
> On 06/17/14 03:02, Phillip Hallam-Baker wrote:
> > So I am almost at the stage where I can loose PPE (Privacy Protected
> > Everything) onto the world.
> >
> > I would like to do a sanity check on the design before starting to
> > get actual users since once you do that...
> >
> >
> > The ideas are
>
>
> > 1) Lifelong master root key, The hash of the public portion of this
> > key is the user's life long phingerprint. Cert has 100 year expiry,
> > subject + issuer name is the phingerprint
>
> My shillings:
>
> How many identities would each person have? One? Or as many as the like?
>
As many as they like.
> Can people wield one identity at one site and another at a different
> site? Can sites collude to link these together?
>
I have not fully considered how this would be applied to authentication.
The system has the ability to create strong identities but any system that
can create strong identities can also be used for creating weak ones.
As a practical matter Facebook has never deleted any of my 100+ accounts
and the only one they have ever frozen is my real one. Oddly enough some of
my fake ones get more friend requests than the real which suggests to me
that I'm not the only person doing that sort of thing.
The problem that would arise is that if there is a system for creating
strong identities, sites might insist on their use. And there is a good
reason they might want to - spam. Unfortunately there are also many bad
ones.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140619/c21a7145/attachment.html>
More information about the cryptography
mailing list