[Bitcoin-development] Message Signing based authentication

Melvin Carvalho melvincarvalho at gmail.com
Sat Nov 2 13:16:12 UTC 2013


On 2 November 2013 14:02, Mike Hearn <mike at plan99.net> wrote:

> On Sat, Nov 2, 2013 at 6:01 AM, <bitcoingrant at gmx.com> wrote:
>
>> In brief, the authentication works as follows:
>>
>>
>>
>> Server provides a token for the client to sign.
>>
>> client passes the signed message and the bitcoin address back to the
>> server.
>>
>> server validates the message and honors the alias (optional) and bitcoin
>> address as identification.
>>
>
> http://pilif.github.io/2008/05/why-is-nobody-using-ssl-client-certificates/
>

I actually use client certificates for almost all of my authentication.

It's true that the browser manufacturers have created a UX which is not
ideal, and very little effort is made to improve it.  But it is possible.
See this project from Mozilla labs.

http://www.azarask.in/blog/post/identity-in-the-browser-firefox/

Unfortunately this got killed :(

More popular is the trusted third party model like OAuth or Persona.
There's a conflict of interest as well, because browser manufacturers are
often identity providers too, so there is an incentive to push TTP
technology.

There are two elements here.  One is passwordless login (which I love).  The
other is who controls your identity.  I like to control my own identity (in
my browser) using PKI.  But Facebook and the big webmail providers have a
lion's share of the market.

The way to shift the balance is to offer the right incentives.

