Comments on: Proving membership online http://ursecta.com/wp/2005/06/proving-membership-online/ J. Martin Wehlou on Security, Software Development, and Medicine Tue, 06 Jan 2009 22:21:15 +0000 http://wordpress.org/?v=2.6.2 By: Martin Wehlou http://ursecta.com/wp/2005/06/proving-membership-online/#comment-8 Martin Wehlou Tue, 28 Jun 2005 19:44:47 +0000 http://ursecta.com/wp/?p=6#comment-8 Thanks, Javed. Well, the task of the CA is to be a trusted third party to both negotiating partners in a transaction of some kind. In this case, the transaction is between the user and OtherSites, with Site Zero as common trusted third party. So it would be entirely natural to have Site Zero as ultimate CA for this particular scenario. One more CA "above" Site Zero won't contribute anything to the security. But, I admit, it may often be a political necessity. Thanks, Javed. Well, the task of the CA is to be a trusted third party to both negotiating partners in a transaction of some kind. In this case, the transaction is between the user and OtherSites, with Site Zero as common trusted third party. So it would be entirely natural to have Site Zero as ultimate CA for this particular scenario. One more CA “above” Site Zero won’t contribute anything to the security. But, I admit, it may often be a political necessity.

]]> By: Javed Ikbal http://ursecta.com/wp/2005/06/proving-membership-online/#comment-7 Javed Ikbal Tue, 28 Jun 2005 18:28:35 +0000 http://ursecta.com/wp/?p=6#comment-7 Nice writeup. I believe this is also the federated identity problem... I personally think the CN field in a digital certificte could be an easy method to solve this problem. I get a cert (self-generated?) and have site zero sign it. Then I can present that digital ID to anyone who is interested. There are holes in this scenario, but none too big. Also see http://www.cacert.org/ I am trying to fit cacert into the model above. Nice writeup. I believe this is also the federated identity problem… I personally think the CN field in a digital certificte could be an easy method to solve this problem. I get a cert (self-generated?) and have site zero sign it. Then I can present that digital ID to anyone who is interested. There are holes in this scenario, but none too big.

Also see http://www.cacert.org/

I am trying to fit cacert into the model above.

]]>