MIME-Version: 1.0
Sender: mh.in.england@gmail.com
In-Reply-To: <CAKaEYhLftC67Lrinc2yF0coqhJi_DpM4XvoXfBwJBGv=hFi3yQ@mail.gmail.com>
References: <CANEZrP3w+pGVJijxLr1N6wQiqg4U=RUP3Mrph2=fwF+Ga_U9sQ@mail.gmail.com>
	<CAKaEYhLftC67Lrinc2yF0coqhJi_DpM4XvoXfBwJBGv=hFi3yQ@mail.gmail.com>
Date: Fri, 9 Aug 2013 14:08:52 +0200
Message-ID: <CANEZrP3fWbGAO3MSvAzicjPmPzUGVfSgxk_MnZNUhHzE7_9drg@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Content-Type: multipart/alternative; boundary=089e01494a505f4e7704e382a371
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Idea for new payment protocol PKI

--089e01494a505f4e7704e382a371
Content-Type: text/plain; charset=UTF-8

>
> Bitcoin sought to reduce dependence on trusted third parties, whereas
> Persona is increasing the reach of trusted third parties.  The keys and
> passwords are stored on Mozilla's servers, sometimes on your email
> providers.  Persona is, however, a progression and will hopefully improve
> its security and decentralization as it goes along.
>

When Persona is supported by all the key players in a transaction, Mozilla
doesn't get anything, do they? You can easily run your own IDP on a
personal server if you're the kind of person who likes to do that, then run
Firefox so you have a native implementation and the Mozilla servers aren't
involved. The keys never leave your computers.

Whilst X.509 certs can indeed be issued for any arbitrary string, you still
need a CA that will do it for you, and that's typically not so trivial. CAs
aren't meant for widespread end user adoption, really, whereas Persona is.

I don't think Persona is any more or less centralised than other PKIs,
really, just easier to use. Ultimately the string you're verifying is a
user@host pair, so the host is centralised via DNS and to verify the
assertions it vends, you must use SSL to connect to it, so under the hood
the regular SSL PKI is still there.

--089e01494a505f4e7704e382a371--