[Cryptography] client-side authorization
John Denker
jsd at av8n.com
Tue Nov 15 14:39:09 EST 2016
On 11/15/2016 12:59 AM, Pieter Rogaar wrote:
>
> In today's threat models, there is also the metadata angle to
> consider. Client certificates are exchanged before the TLS connection
> is encrypted. Therefore, any information in the client certificate is
> sent in the clear. For server-to-server, this may be acceptable, but
> for regular clients: no. In this sense, client certificates are a
> definite step back from the web-based authentication to which we have
> become accustomed.
Agreed.
I changed the Subject: line because AFAICT talking about «certs»
is the wrong way to frame the discussion. Certificates as we know
them leak all the wrong things and certify all the wrong things.
I am reminded of the quote from BtVS:
Ford: "I know who you are."
Spike: "Yeah, I know who I am too, so what?"
The fact that somebody can /identify/ me (i.e. pick me out of a lineup)
does not prove that I authorized this-or-that transaction. In the present
context, the goal should not be identification or authentication, but
/authorization/. For starters, a «signature» is not helpful, unless I
know exactly what I am signing.
Perhaps rather than fussing with the details of x.509 certs, we should
be looking at zero-knowledge proofs.
More information about the cryptography
mailing list