brad at danga.com
Wed Aug 17 08:36:06 PDT 2005
This is an practical identity system for the masses, not one for idealists
End-users don't understand crypto, and even those that do
(including myself) still don't use it often.
On Wed, 17 Aug 2005, Alexey Khmara wrote:
> I'm not sure, if it's the correct place for my question, but I can't
> find better.
> I cannot understand, why bind a digital identity to particular URL? Why
> not use pair of PGP keys or something like this?
> User gives to site-consumer URL of site, that handles digital ID requests.
> Site-consumer queries this url and obtains public key.
> Then, it encrypts some string with this key and gives it throught user
> agent to server with it's own public key (or it's URL). Server asks user
> for login/password or in some other way ensures in user's identity. If
> ok, it decrypts string, using user's private key and encrypts it wyth
> client's public key. Then, answer is sent back to site-client. It
> decrypts answer and compares it with original string, that must be
> So, user identified by public key. So, he/she can use multiple servers,
> that support one identity, and if one don't work can easily use another.
> Also, if even identity server wil die, user (provided that he backed up
> his pair of keys) can establish new server, not losing identity.
> Other (may be, unrelevant) idea: user agent can intercept queries to
> some identity server and handle these queries by self, so user don't
> need to rely on any external servers to provide identity.
> Sorry for may bad English...
> WBR, Alexey Khmara
More information about the yadis