[Cryptography] client-side authorization

John Denker jsd at av8n.com
Tue Nov 15 14:39:09 EST 2016

On 11/15/2016 12:59 AM, Pieter Rogaar wrote:
> In today's threat models, there is also the metadata angle to
> consider. Client certificates are exchanged before the TLS connection
> is encrypted. Therefore, any information in the client certificate is
> sent in the clear. For server-to-server, this may be acceptable, but
> for regular clients: no. In this sense, client certificates are a
> definite step back from the web-based authentication to which we have
> become accustomed.


I changed the Subject: line because AFAICT talking about «certs»
is the wrong way to frame the discussion.  Certificates as we know 
them leak all the wrong things and certify all the wrong things.

I am reminded of the quote from BtVS:
	Ford:  "I know who you are."
	Spike: "Yeah, I know who I am too, so what?"

The fact that somebody can /identify/ me (i.e. pick me out of a lineup)
does not prove that I authorized this-or-that transaction.  In the present
context, the goal should not be identification or authentication, but
/authorization/.  For starters, a «signature» is not helpful, unless I
know exactly what I am signing.

Perhaps rather than fussing with the details of x.509 certs, we should
be looking at zero-knowledge proofs.
