
[GNU/consensus] Introducing Eccentric Authentication


From: Guido Witmond
Subject: [GNU/consensus] Introducing Eccentric Authentication
Date: Tue, 21 May 2013 18:43:34 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12

Hello all,

At the invitation of Hellekin, I'll post an introduction on Eccentric Authentication [1,2] to this place.


In short: Eccentric Authentication is a protocol and software suite to deploy client certificates for authentication and communication.

TL;DR:

Instead of requiring trust in a third-party CA, Ecca puts the CA in the hands of the web site operator. It signs certificates only for his customers. A First Party CA.

This gives many benefits:
- This eliminates passwords and email addresses, providing more privacy to the sites' visitors.
- It can be used to encrypt and sign messages to other visitors at the site, where the cryptography is done on the client's computer. (plug in)

People are expected to create many accounts at many sites. Each certificate is effectively an identity. Albeit, the site owner knows nothing about the real identity of the person unless she divulges more private data.

There are more things to achieve:
- With the website's TLS keys signed by the same First Party CA, it allows user agents to recognise a site even when its domain name has been revoked by some judge or government.

- With separation of identities and message delivery addresses, we can create anonymous email.

- With DNSSEC/DANE in the mix, we can square Zooko's Triangle and have unique, human readable public identities. We can exchange public keys by naming an identity at a site.

With Regards, Guido Witmond

[1] http://eccentric-authentication.org/eccentric-authentication/introduction.html
[2] http://eccentric-authentication.org/blog/
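Added illustration, not part of the original message and not the Ecca software: the first-party CA idea from the TL;DR, sketched with the openssl CLI. The site name `shop.example`, the client name `alice`, the helper function names and the temporary file layout are all constructed for this example.

```shell
#!/bin/sh
# Sketch of a site-operated ("first party") CA. All names are constructed.
set -eu

# Site operator: create the site's own self-signed CA.
make_site_ca() {   # $1 = work dir, $2 = site name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2 First Party CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# The subject generates its key locally and hands over only a CSR;
# the site CA signs it. No password or email address is involved.
issue_cert() {     # $1 = work dir, $2 = file stem, $3 = common name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

# Relying party: does this certificate chain to the given site CA?
signed_by() {      # $1 = CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed walk-through: one real site, one impostor reusing its name.
work=$(mktemp -d)
mkdir "$work/site" "$work/impostor"
make_site_ca "$work/site" "shop.example"
issue_cert   "$work/site" alice "alice"          # client identity at this site
issue_cert   "$work/site" tls   "shop.example"   # the site's own TLS certificate
make_site_ca "$work/impostor" "shop.example"     # same name, different CA key
issue_cert   "$work/impostor" tls "shop.example"

# The site accepts only certificates its own CA signed.
signed_by "$work/site/ca.crt" "$work/site/alice.crt" && echo "site accepts alice"
# A client that remembers the site CA recognises the site by that CA,
# not by whatever domain name it is currently reachable under.
signed_by "$work/site/ca.crt" "$work/site/tls.crt" && echo "client recognises site"
signed_by "$work/site/ca.crt" "$work/impostor/tls.crt" \
    || echo "impostor using the same name is rejected"
```

The client certificate here carries nothing but the name chosen at this site, and the private key never leaves the directory where it was generated.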



