Yet Another MerryGoRound
jld at club-internet.fr
Tue May 24 06:52:22 PDT 2005
Or at least that's what it feels like when just dropping in...
I am in search of a distributed authentication system, i.e. a way to
disseminate signed documents (*not* crypted) which authorship could be
This is a common subproblem to all SSO or distributed ID systems.
Having browsed thru the archive I am puzzled by the questions asked
which are a strange mix of murky implementation details and
Do you guys really have a clear understanding of what you are heading for?
From my own view I would rather avoid reinventing the wheel as far as
the *basics* are concerned.
Sticking to well established standards where there are some like using
HMAC (http://www.faqs.org/rfcs/rfc2104.html) instead of cooking up "yet
another" signature scheme.
But also avoiding nearly obsolete ones like SHA1 (see :
This may be still secure enough for a while at the level you are
targeting but why investing in an ultimately doomed scheme?
I would rather favor Tiger
(http://www.cs.technion.ac.il/~biham/Reports/Tiger/) which is fast, has
a reasonable key length of 192 bits, is yet unbroken and is supported by
Available in all recent PHP implementations for instance.
But these are only minor problems relative to what I see as the *central
Only a public key system could match the challenges of a distributed
I do agree with Brad
>Let's all go personal crypto certs from Verisign while we're at it and
>teach everybody PGP.
>Sorry, it's a great idea for geeks like us that understand, but the masses
>won't get it.
See also "Why Johnny Can't Encrypt"
But nevertheless no one will cope with the problems without something
similar to the PGP logic.
Mucking around topics like "multiple identity servers" is utterly
useless, there is no "good answer".
Unfortunately the only path seems to be a *reimplementation* of just the
needed subset of already proven solutions, both on the server side and
geeky or proprietary languages BML, Perl, Ruby, ASP, .NET, whatever,
because if you target "the masses" (as I do...)
you need to use what is available to them.
Yeah, I am a bit disappointed...
More information about the yadis