[Cryptography] Anonymous rendezvous (was Business opportunities in crypto)
jrzx
jrzx at protonmail.ch
Mon May 10 07:37:10 EDT 2021
On Friday, May 7, 2021 2:39 PM, John Levine <johnl at iecc.com> wrote:
> When I use my bank's web site, I consider it rather
> important that the entity I deal with through the web sit
> is the same one I deal with when I walk down to their
> physical branch.
People are using their bank's physical branch less and less.
Let us consider a case that is *not* going away. You want
to get on your employer's physical network, you want to connect
to the correct vpn, from the other side of the world.
By and large, you don't rely on a CA to identify your employer,
but on a public key or shared secret key you physically received
from your employer.
When I log on to a financial institution, I generally use a
physical device to identify myself, either I plug a device
into a usb port, or my device generates an eight digit single
use password.
Given that physical infrastructure, why should it not support
mutual authentication? If you went in person to the bank, and
they in person gave you a card with a chip, it would not be hard
to have the chip, rather than the certificate authority, know
the chip's home.
More information about the cryptography
mailing list