The new hope - better internet security finally?
Jan 01, 2017
3:31 PM EDT
|Call me a pessimist, but I'll be a believer that security is getting better only after I see the results proven over time.
Right now, I still don't trust the cloud. And when I read articles like this, I'm just thinking... "So, now when my master password gets hacked, they get all my passwords stored under that one." And, "Great, now my biometric data (fingerprints) can be hacked, and I can't change that like a password."
Jan 01, 2017
4:26 PM EDT
|Work is needed on this:
OpenPGP web authentication against PGP subkeys will eliminate the need for passwords across the web. You only need to generate your own key and hand the public key to the public....
I'm shocked at the lack of integration across the web of PGP keys while x509 gets all the love. With PGP, the end user keeps the necessary identity data and the control. x509 certificates have historically been a product of what I call "The Trust Cartel." ...
The Trust Cartel's only reason for existing is to sell you a product that identifies you as you. However, this is entirely unnecessary. There is no reason for you to be you. There is only a reason for the attempted user login credentials to match the attempt user. Across the web, the user is primarily identified via an email address. So, there is zero reason for any identification beyond an email address and proof of control over that address in order to ensure that the attempted login matches the user.
There's nothing special about x509 versus PGP. The cryptographic 'things' are the same. The only differences are the names of the fields on the non-cryptographic portion of the 'key' or 'certificate'.
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!