|
Title: Using Blockchain as a replacement for PKI Post by: Amitabh S on June 12, 2015, 04:40:26 PM Is there any work done on using the blockchain for public key certification/authentication, the job CAs currently do?
Bitcoin has challenged banks, the central authorities of money; why not do the same to CAs, the centralized authorities of the Internet. Namecoin does something close but we need a general way to map any domain name/email address to a public key (even a bitcoin address). Please point me to any work done in this regard. Title: Re: Using Blockchain as a replacement for PKI Post by: Carlton Banks on June 12, 2015, 05:33:27 PM DNSSEC is, I understand, part of the job completed already, but it suffers low roll-out atm. It's kind of new still, so maybe more might pick it up. Armory were working on using DNSSEC as a more robust alternative to BIP 70, hope that's still happening. I asked in the Armory sub (thread:https://bitcointalk.org/index.php?topic=1024587.0 (https://bitcointalk.org/index.php?topic=1024587.0)) whether they would consider using a sidechain to store and transact the certs/names, but they didn't reply at the time.
Title: Re: Using Blockchain as a replacement for PKI Post by: domob on June 12, 2015, 06:05:13 PM You can look at Namecoin identities (id/ namespace) instead of domains - although, of course, that's still not a way to verify ownership of an email address or traditional domain name. Since those are centrally controlled, I'm not sure if you can build a decentral system to verify them at all (except for solutions like CAcert).
Title: Re: Using Blockchain as a replacement for PKI Post by: 1QaZxSw2 on June 17, 2015, 03:15:45 AM My (yet to go public) futures trading startup uses bitcoin private/public keys to do authentication without a CA.
A CA is still needed for https; however no userids are needed or passwords to remember. None of the ideas are new, I just put the best features of bitid/sqrl/bitauth into something that is automated from the users point of view Other options to consider: bitauth: Does not use bitcoin but uses ECDSA, signs every api call, so can be used like HMAC to protect API Bitid: Uses bitid:// url scheme. Uses bitcoin addresses, Needs a supporting wallet SQRL: Needs a trusted app, does not use bitcoin Clef: Very nice, but you need to use their servers, essentially a trusted third party. The best thing among the four was SQRL. I basically re-implemented SQRL to use bitcoin addresses/keys Title: Re: Using Blockchain as a replacement for PKI Post by: StephenMorse on June 17, 2015, 08:48:18 PM Is there any work done on using the blockchain for public key certification/authentication, the job CAs currently do? Bitcoin has challenged banks, the central authorities of money; why not do the same to CAs, the centralized authorities of the Internet. Namecoin does something close but we need a general way to map any domain name/email address to a public key (even a bitcoin address). Please point me to any work done in this regard. You can store anything in the data that a .bit domain name refers to, it's usually JSON with the nameserver encoded within. No reason you couldn't add another JSON field for a public key. I've thought before that it might be useful to tie a Certificate (like X509) to a particular output in a blockchain, owned by the certificate issuer. Then if you want to revoke the certificate, you just have to spend the output. i.e. the certificate is only valid if it's corresponding output is unspent. |