You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I want to suggest a simple-to-implement and easy-to-use blockchain-based authentication method:
Registration of ID/username/pseudonym
User registers an ID/username/pseudonym in 'id/'-namespace
User presses a button in Namecoin to automagically generate a self-signed X.509 client-certificate (PKCS12-format) which uses the ID as Distinguished Name and adds/updates the fingerprint of the client-certificate as application
User imports self-signed X.509 client-certificate to his application (e.g. browser)
Authentication:
User connects to service via (D)TLS
Service requests self-signed X.509 client-certificate via (D)TLS
Service validates self-signed X.509 client-certificate via ':<X.509-fingerprint>'-tupel in blockchain instead of CA-root/-intermediate certificates
That way there is no need to have a blockchain-client (Namecoin) running on client machines for authentication and we can use existing client-side infrastructure without any changes (e.g browsers, embedded systems). As Proof-of-Concept I suggest to patch STunnel for server-side client-certificate validation and to develop an Apache authentication provider module.
ToDo:
Namecoin protocol: Add X.509-fingerprint for (D)TLS as registered application in 'id/'-namespace definition
Namecoin-QT: Add button per ID in "Manage Names"-table to create and register self-signed X.509 client-certificate.
Patch STunnel to authenticate self-signed client certificates against the blockchain instead of CA-hierarchy.
I want to suggest a simple-to-implement and easy-to-use blockchain-based authentication method:
Registration of ID/username/pseudonym
Authentication:
That way there is no need to have a blockchain-client (Namecoin) running on client machines for authentication and we can use existing client-side infrastructure without any changes (e.g browsers, embedded systems). As Proof-of-Concept I suggest to patch STunnel for server-side client-certificate validation and to develop an Apache authentication provider module.
ToDo:
Discussion in Namecoin-Forum
Documentation for Namecoin-/Blockchain-newbies:
Wikipedia about Blockchain
Bitcoin.it about Blockchain
Namecoin protocol (Blockchain implementation)
Namecoin Identities
Namecoin client (Source code)
The text was updated successfully, but these errors were encountered: