[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Auth]My two cents
|
From: |
Carsten Kuckuk |
|
Subject: |
[Auth]My two cents |
|
Date: |
Mon, 16 Jul 2001 15:36:55 +0200 |
>>>>>
ONE master registrar is bad (too much power) Many registrars which can cross
sign their identities (and therefore their users one) is perfect.
<<<<<
What about two (or more) registrars that store half of the information
each?!
For example, take two registrars, reg1.net and reg2.net. The user wants to
store his profile, given as an array of bytes p[i], with these registrars
without
trusting any of them. This can be done by taking an array of random numbers
r[i].
Registrar reg1.net gets to store the array r[i], and registrar reg2.net gets
to store the array r[i] XOR p[i]. Both registrars only see arrays of random
numbers. In order to recreate the original profile, the client has to
retrieve
r[i] from reg1.net, and r[i] XOR p[i] from reg2.net, and XOR these two
arrays
with each other resulting in r[i]XOR r[i] XOR p[i] == p[i]. So this reduces
the
problem to the problem of reliably updating profile arrays at two registrars
which can be solved by storing two generations of profile arrays.
This model would consist of
- Registrars storing two versions of byte arrays for clients that
authenticate
themselves via a user/password scheme which the end-user has to remember.
- A client computer module that accesses both registrars, retrieves the
profile
string halfes, combines them into the real profile string, makes use of
it,
updates it, and stores new versions with the registrars.
- A net of independent registrars all over the world would be needed that do
not need to know about each other.
- Clients would choose two registrars that they have to remember.
Carsten Kuckuk
- [Auth]My two cents,
Carsten Kuckuk <=