[Cryptography] On the internet, there is only Alice. was: Re: On the deployment of client-side certs
guido at witmond.nl
Sat Nov 19 06:38:28 EST 2016
On 11/14/16 23:45, Ray Dillinger wrote:
> In response to recent discussion on the list:
> This sounds like a proper use case for self-signed certs (on the
> consumer side) with pinning (on the host side) to prevent fraudsters
> from impersonating consumers.
> That's within practically everybody's capability, (in the sense that
> code to create self-signed certs is all over the place and most SSL
> implementations allow certs to be used on both sides) but nobody's about
> to do it (consumers) or require it to be done (bankers, merchants, etc)
> or facilitate doing it (servers, browsers, mail clients, etc).
I've asked myself these questions too and I came up with what I call
Eccentric Authentication, a protocol to make it possible to mutually
authenticate a stranger and a well known identity.
Classic cryptography assumes there are two (or more) parties (Alice and
Bob) that know each other and need secure communication trough an
non-secure network. The meet upfront and agree on a protocol and
That model doesn't work on the internet, as *there is only Alice*.
On the internet, there are a well known entities and lots of strangers
who want a secure connection with some well knowns. The strangers need
to be able to authenticate at a well known site, the site needs to be
able to recognize (authenticate) recurring visitors reliably.
See my blog:
My protocol implements the well known entities by using a private CA for
each site. It signs the server certificates and client certificates. The
Root certificate goes in a DANE-record. The CA is the identitiy for the
site, user know sites by domain name.
The user runs a user agent (a browser?) that verifies the DANE-record
against the server certificate at connection time.
When the site requires a user to log in, it points to the site's CA
where to get a client certificate. Users can get one - for free - when
offering public key and a nickname. The CA signs a certificate with the
nickname@@<site's domain name> and returns it in a single https
request/response. Now the user can log in.
The protocol describes a verification service that detects sites who
cheat by signing mitm-certifcates for their users.
Given this protocol, the private CA, the verification service and the
user agent, it's getting much easier for the users:
- easy signup;
- users remain anonymous; ( a new key pair and different nickname per site)
- sites that post signed messages from users become key echanges;
- that leads to end-to-end *authenticated* private messages;
- that leads to independent private channels through Tor, invisible for
- these channels remain, untouchable by anyone except the two participants.
On local hardware reliability:
As Thierry Moreau mentioned:
> My bet is that is is impossible to come up with a sound API design
> (between the secure chip and the hostile general-purpose digital
> computing environment). Basically, if the secure chip provides a
> service to a legitimate application and refrain from doing so for
> something else, the secure chip needs another secure scheme for
> deciding which application is legitimate.
To solve this, I forsee that we need to get rid of the Unix-model of
ambient authority and move towards explicit authority, such as
Genode.org provides. That makes it easy to run untrusted software in a
sandbox without any risk to the keys to the kingdom.
It's all on my site: eccentric-authentication.
Try the demo:
With regards, Guido Witmond.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the cryptography