[Cryptography] Novelty versus reuse

Bill Woodcock woody at pch.net
Wed Jun 30 07:57:33 EDT 2021



> On Jun 30, 2021, at 9:55 AM, Natanael <natanael.l at gmail.com> wrote:
> The main feature of blinded signatures is that an organization can issue tokens to individual users which then allows those users to connect to various services and prove only that they have received authorization from the organization, without sharing their individual identities. While usage for something like a VPN or intranet access would still mean that the users send traffic likely to be deanonymizing through the service they connected to, it can also be used with, for example, oblivious DNS and numerous other privacy-preserving services to prove you are authorized to make requests without revealing who you are. It's a small component of other protocols, and removes one source of information for identifying a user.

Ok, so my hypothesis 2.0:  Perhaps Apple is using draft-irtf-cfrg-rsa-blind-signatures-00 between iCloud+ customers and Apple proxies (“entry nodes”) so that the iCloud+ customer can prove that they are indeed a fully paid-up customer, rather than a free-rider, without disclosing their identity to Apple.

Which wasn’t the thing I thought it was being used for.  Which means that TLS client certs may still be the mechanism of choice for identifying specific users to resolvers that have to give different answers to different users.  Anything I should know about TLS client certs that isn’t obvious from https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.6 ?

                                -Bill
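
An added illustration of the issue-and-redeem flow described in the quoted paragraph. It is not part of the original thread and is not Apple's or the draft's actual construction: it uses textbook RSA blinding with a plain SHA-256 hash, where draft-irtf-cfrg-rsa-blind-signatures uses a PSS encoding. The key is a constructed toy key and all function names are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed toy key from two Mersenne primes: far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def encode(token: bytes) -> int:
    """Hash the token into Z_N (simplified; the draft uses a PSS encoding)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def blind(token: bytes):
    """Client: hide the encoded token behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (encode(token) * pow(r, E, N)) % N, r


def issuer_sign(blinded: int) -> int:
    """Issuer: sign after authenticating the account; never sees the token."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Client: strip r to get an ordinary signature on the token."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(token: bytes, sig: int) -> bool:
    """Service: check the issuer's signature; no account identity involved."""
    return pow(sig, E, N) == encode(token)


def explaining_factor(blinded: int, other_token: bytes) -> int:
    """Return the r under which `blinded` would have hidden other_token.

    Uses D only to exhibit that such an r exists for any token, which is
    why the issuer's view cannot be linked to a token redeemed later.
    """
    return pow(blinded * pow(encode(other_token), -1, N), D, N)
```

The token is only as unlinkable as its transport: redeeming it over a connection that carries other identifiers gives the linkage back.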
