Bitcoin Forum
December 06, 2016, 10:20:47 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: S/MIME certificates as a means of personal identification  (Read 1623 times)
matt.collier
Member
**
Offline Offline

Activity: 105



View Profile
May 03, 2011, 10:16:50 PM
 #1

About a week ago, in this post, I presented the concept of bitcoinID.

My intention is to accept bitoin in exchange for a Class 2 S/MIME certificate issued by a top level Certificate Authority (CA).  The S/MIME certificate can then be  used to link a flesh and blood person to their digital persona.  A bitcoinID is then derived from the public key contained in the S/MIME certificate.  Users can then link bitcoin addresses to their bitcoinID at bitcoinID.com.  The bitcoinID can then serve as a common point of reference for an unlimited variety of reputation based systems.

The actual bitcoinID number is a “fingerprint” or SHA-224 hash of the subject's Class 1 or Class 2 S/MIME public key.  I chose SHA-224 because it should eliminate the possibility of duplicate bitcoinIDs being created.  Anyone possessing the public key of the subject can derive the bitcoinID using freely available software.  The algorithm for generating a bitcoinID is not proprietary.

Although it would be a trivial matter for bitcoinID.com to issue a bitcoinID to anyone who has a bank account or credit card, by using this method a bitcoinID has no linkage with the existing banking system.  This method serves to include people who have been excluded by existing financial institutions.  BitcoinID.com is counting on a CA to do the job it was designed to do.  That is, to collect, evaluate and protect information that can be used to confirm a person's identity.   

Instead of relying on financial institutions, who have repeatedly demonstrated that they are not trustworthy, can we instead place our trust with Certificate Authorities?

Matt
1481019647
Hero Member
*
Offline Offline

Posts: 1481019647

View Profile Personal Message (Offline)

Ignore
1481019647
Reply with quote  #2

1481019647
Report to moderator
1481019647
Hero Member
*
Offline Offline

Posts: 1481019647

View Profile Personal Message (Offline)

Ignore
1481019647
Reply with quote  #2

1481019647
Report to moderator
1481019647
Hero Member
*
Offline Offline

Posts: 1481019647

View Profile Personal Message (Offline)

Ignore
1481019647
Reply with quote  #2

1481019647
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481019647
Hero Member
*
Offline Offline

Posts: 1481019647

View Profile Personal Message (Offline)

Ignore
1481019647
Reply with quote  #2

1481019647
Report to moderator
1481019647
Hero Member
*
Offline Offline

Posts: 1481019647

View Profile Personal Message (Offline)

Ignore
1481019647
Reply with quote  #2

1481019647
Report to moderator
matt.collier
Member
**
Offline Offline

Activity: 105



View Profile
May 05, 2011, 05:07:22 PM
 #2

Our collective trust in a system like bitcoinID is based upon our trust in the Certificate Authority (CA) that issued the Class 1 or Class 2 S/MIME certificate.  This article does a nice job of highlighting some of the problems with our current PKI.  The article tells us how the Comodo Certificate Authority recently issued some fraudulent certificates, thereby undermining the trust bestowed upon them by the PKI community.

Certificate Revocation is another important feature of our PKI.  That is, if a digital certificate is lost or stolen, the CA adds the certificate to their Certificate Revocation List (CRL), thus making everyone aware that the certificate should no longer be honored.  The aforementioned article points out that many PKI aware applications don't bother to check CRL's before giving the user the the green light.  This is primarily due to the fact that CRL checks are disabled by default in a number of popular web apps.  Although the article is discussing SSL certificates issued for web sites, CRLs are also used for S/MIME certificates.  I would like to add at this point that bitcoinID.com does check CRLs before issuing a bitcoinID.

As a practical matter, two CAs,  GlobalSign and Comodo each offer Class 2 S/MIME certificates.  Comodo is selling theirs for $12, and GlobalSign is selling theirs for $60.  I have spoken with both of these companies and the vetting process they use appears to be identical.  Look here at the description for Level 3 Security if you are interested in knowing more about what the vetting process involves.  I would like to know what others think about the huge disparity in price between these two products.  Has Comodo been black balled by the PKI community as a result of the recent security breach?  Is anyone willing to pay 5 times more for a GlobalSign certificate?
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!