Comment Re:x.509 WTF? (Score 0) 110

While it's true that any CA can create any certificate for anyone, it doesn't invalidate the X509 technology.

The missing ingredient is DNSSEC with DANE. It lets the torproject specify who their CA is. Every browser can look it up and verify the server certificate.

When the Torproject creates their own CA-ROOT, they can sign an object signing certificate for Errin. I wrote about it here: https://lists.torproject.org/p...

Comment Re:Why are we still using passwords? (Score 0) 299

Because a certificate isn't something you can carry in your brain.

A certificate can also get lost, while a password can at most be forgotten. That matters, because you have to keep the certificate in storage. When that becomes unavailable, you lose all your certificates, instead of just forgetting a password.

I would agree with you if people weren't so reckless with choosing passwords.

Besides, given the increases in password brute-forcing, passwords need to be longer than ever, which makes them more difficult to remember. And we need so many of them. That drives the use of password managers. Then all your critique of certificates applies to the password manager as well.

Countermeasures against certificate loss: backups (difficult) or sync tools such as Firefox Sync. That makes them usable on every device you own.

Comment Contrary to Betteridge, it can! (Score 0) 491

Contrary to Betteridge, online anonymity can be saved very well.

All it takes is a web site that signs its visitors' customer certificates by itself.

This allows visitors to send encrypted messages, even without the site reading along.

With proper protection from a Perspectives-like certificate log, it protects against MitM attacks.

With DNSSEC in the mix, it protects against phishing and hostile takeovers.

With independent channels, people can keep communicating, even when the original site goes down.

Read: http://eccentric-authentication.org/blog/2013/08/31/the-holy-grail-of-cryptography.html and http://eccentric-authentication.org/blog/2013/09/05/a-subversive-idea.html

Guido.

Comment Re:The Problem With Mozilla's Persona (Score 0) 114

I fully agree.

Most people have only one email address. Whether or not it's your real name or a nickname, it's tied to your identity.

We can go one step further than Persona and let the web site sign client certificates. It lets people sign up with any nickname, the browser creates the private key and the site's CA signs it.

It gives the same security benefits but with improved privacy for the user.

If Mozilla doesn't like to build it into Firefox, I've got it as a web proxy service that you can run on your own box. Not even Firefox (or any JavaScript) can learn your private keys.

How's that for privacy?

Check http://eccentric-authentication.org/eccentric-authentication/five-minute-overview.html Cheers, Guido.

Comment Re:Excellent Idea (Score 0) 321

I have this website for you:

http://eccentric-authentication.org/eccentric-authentication/design-goals.html

also check out:

http://eccentric-authentication.org/eccentric-authentication/five-minute-overview.html

In short, it encrypts everything. It hides all the crypto in the application. No more difficult questions to answer wrongly.

In fact, you can already create an account at my demo dating site and communicate securely with others without having to touch or verify a cryptographic certificate. Just create an account and send messages. Use Tor if you want to hide your endpoint.

Comment Time to put the keys into the hands of the users (Score 0) 276

Well it is time to put the keys into the hands of the users.

If the feds want your keys they would have to come to you!

This will raise the bar a little: http://eccentric-authentication.org/eccentric-authentication/five-minute-overview.html

(With current operating systems, that's still too easy, hence I can only raise the bar, not solve it...)

Comment Re:I think PC architecture was a mistake (Score 0) 97

Or at least the sort of computer design that deliberately walked away from having security built into all levels.

That is exactly what happened when people moved away from central mainframes to local PCs.

Also, neither PC nor Web architecture attempted to make certificates and keys into palpable first-class entities that users could more easily understand and manipulate, so the potential for verification and privacy were not realized.

There is a link missing in the chain. It is the list of which web sites are signed by which CA. Without that list, checking certificates is Russian roulette. You get lucky most of the time.

Right now, some of the best stopgaps against this miserable history are projects like Qubes, Tor and I2P. Qubes lets me handle each thing I do in separate hardware-and-GUI enforced domains. Tor enables privacy for web and is familiar to many people. I2P gives me more than web connectivity, and the expectation that sites I connect to won't need Javascript (hardly ever) and is more future-proof than Tor.

I've come up with a way to get out of this mess. It uses all the standard cryptography components but in a different way; and it is very easy to integrate into the current Internet structure.

I call it Eccentric-Authentication. See http://eccentric-authentication.org/

Comment Riddle of the Correct CA (Score 0) 127

How many people call their bank and check the SSL certificate's fingerprint? Nope, we just trust the CAs. How weird.

It's the Riddle of the Correct CA.

The CAs have neglected to create a solution for that. Now we are left to trust them. Trust that gets abused by the least secure of the bunch...

See: http://eccentric-authentication.org/eccentric-authentication/threat_model.html at threat #2.
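A worked illustration of the DANE lookup described in the x.509 comment above and of the "which sites are signed by which CA" list that the Riddle comment says is missing. This is an added example, not code from these posts or from the Eccentric Authentication project; the certificate bytes are constructed stand-ins, and a real check would take the DER certificates from the TLS handshake and the TLSA record from a DNSSEC-validated answer for `_443._tcp.<host>`.

```python
import hashlib, hmac

# TLSA certificate usages (RFC 6698). Usages 0 and 1 also require normal
# PKIX validation against a CA store; 2 and 3 trust the DNSSEC record alone.
PKIX_TA, PKIX_EE, DANE_TA, DANE_EE = 0, 1, 2, 3


def parse_tlsa(text):
    """Parse zone-file form '<usage> <selector> <mtype> <hex>' into a tuple."""
    usage, selector, mtype, data = text.split(None, 3)
    return int(usage), int(selector), int(mtype), bytes.fromhex(data.replace(" ", ""))


def association_data(selector, mtype, cert_der, spki_der):
    """Selector 0 = whole cert, 1 = SubjectPublicKeyInfo; mtype 0/1/2 = raw/SHA-256/SHA-512."""
    target = cert_der if selector == 0 else spki_der
    if mtype == 0:
        return target
    if mtype == 1:
        return hashlib.sha256(target).digest()
    if mtype == 2:
        return hashlib.sha512(target).digest()
    raise ValueError("unknown matching type %d" % mtype)


def tlsa_record_for(usage, selector, mtype, cert_der, spki_der):
    """Zone-file TLSA text an operator would publish for cert_der/spki_der."""
    data = association_data(selector, mtype, cert_der, spki_der)
    return "%d %d %d %s" % (usage, selector, mtype, data.hex())


def dane_accepts(records, chain, pkix_valid):
    """chain: [(cert_der, spki_der), ...], leaf first. EE usages match the leaf, TA usages an issuer."""
    for usage, selector, mtype, data in records:
        if usage in (PKIX_TA, PKIX_EE) and not pkix_valid:
            continue
        candidates = chain[:1] if usage in (PKIX_EE, DANE_EE) else chain[1:]
        for cert_der, spki_der in candidates:
            got = association_data(selector, mtype, cert_der, spki_der)
            if hmac.compare_digest(got, data):  # constant-time comparison
                return True
    return False


# Constructed stand-ins for DER blobs (not real certificates): a site-run CA
# and the server certificate it issued.
CA_CERT, CA_SPKI = b"constructed-ca-cert", b"constructed-ca-spki"
LEAF_CERT, LEAF_SPKI = b"constructed-leaf-cert", b"constructed-leaf-spki"
CHAIN = [(LEAF_CERT, LEAF_SPKI), (CA_CERT, CA_SPKI)]
# "2 1 1 <sha256 of CA SPKI>": the operator names its own CA key as the trust anchor.
SITE_TLSA = tlsa_record_for(DANE_TA, 1, 1, CA_CERT, CA_SPKI)
```

A chain issued by any other CA, however well trusted by the browser's root store, fails the `dane_accepts` check against `SITE_TLSA`, which is the property the comments ask for.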

Comment Re:Encryption is easy. Key management, not so much (Score 0) 127

I know you're trying to plug your thing here, but what you are saying is just naive. People use credit cards on the internet, you can't just magic that away with bitcoins or something. At least not yet. The technology isn't there. Do you suggest never using a credit card in real life? Or never telling anyone your name? At that point it is public information right?

Well spotted, I try to plug my thing.

And you are completely correct: the moment you provide personally identifiable information on an account, that account will be tied to your real identity. Everything you have done in the past and everything you will do in future will be tied to your person. Forever.

The thing that I plug is that people should have many separate identities at many separate sites. I.e. you don't have just one account, you have a multitude. All anonymous. No one can figure out that these belong to the same person.

What I'm plugging with my protocol is that you use as many pseudonyms as you want. In fact, signing up for a new pseudonym should be so easy that it's considered a no-brainer not to do so. It is easier than creating a new account with a throwaway email address. Anything more difficult on the client side is a bug, anything more difficult from the server side is considered hostile (like Google's real name policy).

When shopping, create a new account, order and pay with credit card, fill in postal delivery address and destroy the private key that belongs to this account after delivery. That way, the shop knows that someone at your address ordered something but no one will ever learn of your other accounts. Not even the shop learns of your other accounts at that same shop.

If you tell your true name using one of your many pseudonyms, that ties that pseudonym to your real life identity forever. Don't reveal your identity unless you want to tie that pseudonym to your real identity.

It sucks if your real identity gets known by accident or just stupidity on your side. Rest assured, most of your other pseudonym accounts are still anonymous.

That's the amount of privacy control I give you with my protocol. You, the end user, are in control. My tools are there to make it easy to keep your many accounts/identities private.

To plug it again: http://eccentric-authentication.org/eccentric-authentication/anonymous_logins.html

Comment Re:Encryption is easy. Key management, not so much (Score 0) 127

That has nothing to do with the problem. We are already assuming that the companies have personal data, they just want to encrypt it to prevent third parties from obtaining it.

Then it is too late. Any personally identifiable information on someone else's server is already public data. There is no way you can take that back. If that's tagged with a real life identity, you're at their mercy.

The key is to hide your real life identity behind many different digital pseudonyms. At least one, but preferably multiple pseudonyms per site. Then, be careful with what you write. And don't mention these pseudonyms on your Facebook page.

Let your computer do the hard work managing all these pseudonyms, that's the power of eccentric authentication.

Comment Re:Encrypt everything (Score 1) 127

What you are looking for is homomorphic encryption. I don't offer that.

I offer a way to create accounts anonymously. And much easier than the email-address password combination.

When customers sign up for an account, they create a nickname. That gets signed into the client certificate. The web server receives that nickname from the crypto-authentication libraries as the username. Do with that username what you want.

Comment Re:Why are we still using passwords?! (Score 1) 211

Why don't sites support two-way SSL? If everyone had a cert signed by a trusted Certificate Authority then we could eliminate manual login. The trick would be making it easy/cheap for everyone to generate keys and CSRs, and install the cert. Current tools for that are probably beyond the ability of 99% of Internet users.

Using client certificates from global trusted third parties has a problem: loss of privacy. That's why we still use passwords. These leave the choice to users. See: http://witmond.nl/blog/2012/11/21/why-we-still-use-passwords.html
