[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TOR bundle on hostile platforms: why?



On 08-08-13 00:31, z0rc wrote:
> Have you heard of this?
> 
> http://www.zdnet.com/nsa-spying-trust-the-pki-or-its-anarchy-on-the-internet-7000018946/

Quoting from the article:

> No, your choices are to trust all those big, bad corporations or 
> anarchy. I don't think that's hyperbole; an Internet without a CA
> system today would be anarchy. Nobody could perform any sensitive
> operations like banking and you'd be nuts even to do email on it. So >
just accept that you have to trust Microsoft and Symantec and, for
> what it's worth, the NSA.

That's what I'm trying to address with my protocol. [0]

I've come up with a way that lets each web site run its *own*
certificate signer. It signs the server certficate and puts that into
DNSSEC with DANE. This removes the need for trusted third parties.

That same certificate signer also signs client certificates. The client
certificate is the *account* at the site.

As the web browser can validate the server certificate at connect time,
it can check that the server certificate root matches with the client
certificate root. Only if they match, the browser will log in.

No need to trust anyone. Verification is at the heart of the protocol.
In fact, users won't see the crypto at all.[1]

The proof of concept is in a web proxy and you test it at [2]

Guido.

[0]
http://eccentric-authentication.org/eccentric-authentication/five-minute-overview.html
[1]
http://eccentric-authentication.org/eccentric-authentication/design-goals.html
[2] http://eccentric-authentication.org/blog/2013/06/07/run-it-yourself.html
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk