On Wed, Oct 10, 2012 at 1:44 PM, Guido Witmond <gu...@wtmnd.nl> wrote:
> Hello Everyone,
>
> I'm proposing to revitalise an old idea. With a twist.
>
> The TL;DR:
>
> 1. Ditch password-based authentication over the net;
>
> 2. Use SSL client certificates instead;
>
> Here comes the twist:
>
> 3. Don't use the few hundred global certificate authorities to sign
> the client certificates. These CAs require extensive identity
> validations before signing a certificate. These certificates are
> only useful when the real identity is needed.
> Currently, passwords provide better privacy but lousy security;
>
> 4. Instead: install a CA-signer at every website that signs
> certificates that are only valid for that site. Validation
> requirement before signing: CN must be unique.
http://tools.ietf.org/html/draft-balfanz-tls-obc-01

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
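Points 3 and 4 of the quoted proposal, as an added Go example that is not code from the thread or from the linked draft: every site runs its own signer, the only validation before signing is that the CN is unique, and a site accepts a client certificate only if it chains to that site's own root. Site names and CNs below are constructed labels, and the certificates are short-lived test material generated in memory.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// SiteCA is the per-site signer from the proposal: the client certificates it issues chain only to its own root.
type SiteCA struct {
	cert   *x509.Certificate
	key    ed25519.PrivateKey
	issued map[string]bool // the sole validation before signing: CN must be unique
}
// sign gives tmpl a short validity window, signs it with parent/key and parses the resulting DER.
func sign(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) *x509.Certificate {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		panic(err) // template or key setup failure, not part of what is demonstrated
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above is well-formed
	return cert
}
// NewSiteCA generates a fresh self-signed root for one site (site is a constructed label).
func NewSiteCA(site string) *SiteCA {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // fails only if rand.Reader does
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: site + " client CA"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return &SiteCA{cert: sign(root, root, pub, key), key: key, issued: map[string]bool{}}
}
// Issue signs a client certificate for cn, refusing a CN that is already taken.
func (ca *SiteCA) Issue(cn string, pub ed25519.PublicKey) (*x509.Certificate, error) {
	if ca.issued[cn] {
		return nil, fmt.Errorf("CN %q already taken", cn)
	}
	ca.issued[cn] = true
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(int64(len(ca.issued) + 1)), Subject: pkix.Name{CommonName: cn}}
	return sign(tmpl, ca.cert, pub, ca.key), nil
}
// Verify accepts a client certificate only if it chains to this site's own root, returning its CN as the account name.
func (ca *SiteCA) Verify(c *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return "", err // includes certificates issued by another site's signer or by a public CA
	}
	return c.Subject.CommonName, nil
}
```

A certificate issued by one SiteCA fails Verify at every other SiteCA, which is what makes it "only valid for that site"; the site never consults a public CA, so no real-world identity is validated or revealed.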