[Cryptography] On the internet, there is only Alice.

Guido Witmond guido at witmond.nl
Sun Nov 27 17:45:49 EST 2016

[Now as a separate threat where this belongs....]

Dear List,

Classic cryptography assumes there are two (or more) parties (Alice and
Bob) that know each other and need secure communication trough an
non-secure network. The meet upfront and agree on a protocol and
exchange keys.

For example, if I want to open a bank account, I visit a branch office,
show my government issued ID and get accepted (or not). I create a
password, receive a TAN-generator and go home, ready to do internet banking.

However, that doesn't work with online banks. There is no branch office
to visit. So I need to make sure I connect to the correct server, ie. I
need to be able to authenticate the bank, tell it apart from the other
banks and criminals.

The classic model doesn't work online, as *on the internet there is only

On the internet, there are a well known entities and lots of strangers
who want a secure connection with some well knowns. The strangers need
to be able to authenticate at a well known site, the site needs to be
able to recognize (authenticate) recurring visitors reliably.

See my blog:

My protocol implements the well known entities by using a private CA for
each site. It signs the server certificates and client certificates. The
Root certificate goes in a DANE-record. The CA is the identitiy for the
site, user know sites by domain name.

The user runs a user agent (a browser?) that verifies the DANE-record
against the server certificate at connection time.

When the site requires a user to log in, it points to the site's CA
where to get a client certificate. Users can get one - for free - when
offering public key and a nickname. The CA signs a certificate with the
nickname@@<site's domain name> and returns it in a single https
request/response. Now the user can log in.

The protocol describes a verification service that detects sites who
cheat by signing mitm-certifcates for their users.

Given this protocol with the private CA per site, the verification
service and the user agent, it's getting much easier for the users:
- easy signup;
- users remain anonymous; ( a new key pair and different nickname per site)
- sites that post signed messages from users become key echanges;
- that leads to end-to-end *authenticated* private messages;
- that leads to independent private channels through Tor, invisible for
the site.
- these channels remain, untouchable by anyone except the two participants.


Guido Witmond.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161127/8017be85/attachment.sig>

More information about the cryptography mailing list