On Wed, 17 Sep 2003, David Schwartz wrote:

> That doesn't help in this case. You need a way to verify ownership of an
> identifier. I don't want anyone else to be able to claim my identifier.
>
> Perhaps we can devise a scheme where I generate a random number and morph
> it into a 'private key'. Then I pass it through some algorithm to generate
> a 'public key' which is the identifier that I use. I then use the private
> key to prove my ownership of the public key. Nobody else can claim my public
> key because they don't know the corresponding private key.
>
> In fact, you could just use an RSA public key as the identifier directly.
> This is likely not the best algorithm, but it's certainly an existence proof
> that such algorithms can be devised without difficulty.
>
> In fact, I'm going to call my patent attorney instead of sending this
> email. ;)
Heh, you mean like the nym-based security that djb mentions at
http://cr.yp.to/djbdns/forgery.html

I've also seen several other proposals for the same thing. Most of them
revolve around making a hash of the public key and using it as part of the
domain name.

Just so that I don't have to worry about somebody patenting any of these
variations a year or more in the future, here is a public disclosure:

A method for authentication where a public key is converted to a
representation usable by a DNS server and used as a domain name. Conversion
includes, but is not limited to, hashing, checksumming, compressing,
encoding, encyphering, translating to hex, binary, octal, or other symbol
system, or any other representation that may be returned by a DNS server.

For the purposes of the following example the client is a device that wishes
to look up a record in DNS that allows it to communicate with a server. A
server is a device that communicates with clients.

The conversion may be lossless or lossy. If the conversion is lossless then
the conversion is reversed by the client in order to determine the public
key. If the conversion is lossy then the complete public key is communicated
to the client by the server and is compared to the lossy representation used
for DNS by performing the same conversion. If the comparison fails the
authentication fails.

Mike.

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections    Voice 510 580 4100 |
| Hurricane Electric   Web Hosting  Colocation        Fax   510 580 4151 |
| [EMAIL PROTECTED]                                   http://www.he.net  |
+-----------------------------------------------------------------------+
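The lossy and lossless conversions Mike describes, as an added example that is not part of the thread: the client recomputes the same conversion over the key the server presents and rejects the server on mismatch. SHA-256, lowercase base32, a 32-byte key and the function names are my assumptions; the thread fixes none of them, and the signature with which the server proves possession of the private key is outside this block.

```python
import base64
import hashlib
import hmac

MAX_LABEL = 63  # RFC 1035 limit on one DNS label, in octets


def _b32(data: bytes) -> str:
    """DNS-safe encoding: lowercase base32 without padding (case-insensitive)."""
    return base64.b32encode(data).decode().rstrip("=").lower()


def lossy_label(pubkey: bytes) -> str:
    """Lossy conversion: hash the key and encode the digest. The label cannot be
    reversed, so the server must later send the complete key to the client."""
    return _b32(hashlib.sha256(pubkey).digest())  # 52 chars, fits one label


def lossless_label(pubkey: bytes) -> str:
    """Lossless conversion: encode the key itself so the client can reverse it.
    Only short keys fit a single label; an RSA key would need several labels."""
    label = _b32(pubkey)
    if len(label) > MAX_LABEL:
        raise ValueError("key too long for one label; split across labels")
    return label


def reverse_lossless(label: str) -> bytes:
    """Client side of the lossless scheme: undo the encoding to recover the key."""
    padded = label.upper() + "=" * (-len(label) % 8)
    return base64.b32decode(padded)


def client_verify(dns_label: str, presented_key: bytes) -> bool:
    """Client side of the lossy scheme: the server presented presented_key;
    apply the same conversion and compare with the label found in DNS.
    A mismatch means the server does not hold the key the name commits to."""
    return hmac.compare_digest(lossy_label(presented_key), dns_label)


def run_example() -> dict:
    """Constructed keys: the genuine server's key and an impostor's key."""
    genuine = bytes(range(32))
    impostor = bytes(32)
    name = lossy_label(genuine) + ".example.net"  # constructed domain name
    label = name.split(".", 1)[0]
    return {
        "genuine_accepted": client_verify(label, genuine),
        "impostor_rejected": not client_verify(label, impostor),
        "lossless_roundtrip": reverse_lossless(lossless_label(genuine)) == genuine,
    }
```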