2008-08-04

On Authentication

I think public-key cryptography authentication will be the only authentication system used in the future, totally replacing user name/password authentication.

Currently we have to keep lots of passwords in mind or in a password manager because every site needs a different one. You cannot use the same password on every site, because anyone who obtained your password at one site would then have access to all of your accounts.

Public-key cryptography authentication also does not require a public key infrastructure, so it allows a decentralized web of trust. Privacy-enhanced Electronic Mail will not work in a hierarchy of trust.

To replace user name/password authentication with public-key cryptography authentication on the web, the first step would be making it easier to generate and use key pairs in the web browser.

Public-key cryptography authentication also has the advantage of being single sign-on, as you only have to type the password of your private key once for the whole session.
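The following is an added example, not code from the original post: a minimal challenge-response login in Node.js where one Ed25519 key pair is registered at two sites that each store only the public key. The `Site` class, the site names and the user name are hypothetical, and the scenario in `demo()` is constructed.

```javascript
const crypto = require("crypto");
// The user's single key pair; the private key stays on the client.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");

// Bind each signature to the site name so it cannot be reused elsewhere.
function signedBytes(siteName, nonce) {
  return Buffer.concat([Buffer.from(siteName + "\n"), nonce]);
}
function clientSign(siteName, nonce, key) {
  return crypto.sign(null, signedBytes(siteName, nonce), key);
}

class Site { // hypothetical server-side model
  constructor(name) {
    this.name = name;
    this.users = new Map();   // user -> public key PEM (all the site stores)
    this.pending = new Map(); // user -> outstanding one-time challenge
  }
  register(user, key) {
    this.users.set(user, key.export({ type: "spki", format: "pem" }));
  }
  challenge(user) {
    const nonce = crypto.randomBytes(32);
    this.pending.set(user, nonce);
    return nonce;
  }
  login(user, signature) {
    const nonce = this.pending.get(user);
    const pem = this.users.get(user);
    this.pending.delete(user); // a challenge is valid once
    if (!nonce || !pem) return false;
    return crypto.verify(null, signedBytes(this.name, nonce), pem, signature);
  }
}

function demo() { // constructed scenario
  const a = new Site("site-a.example"), b = new Site("site-b.example");
  a.register("alice", publicKey);
  b.register("alice", publicKey); // same key pair, no per-site secret
  const sigA = clientSign(a.name, a.challenge("alice"), privateKey);
  const okA = a.login("alice", sigA);
  a.challenge("alice");
  const replay = a.login("alice", sigA); // old signature, fresh nonce
  // Whoever holds only a site's stored public key must sign with another key.
  const other = crypto.generateKeyPairSync("ed25519").privateKey;
  const forged = b.login("alice", clientSign(b.name, b.challenge("alice"), other));
  const okB = b.login("alice", clientSign(b.name, b.challenge("alice"), privateKey));
  return { okA, replay, forged, okB };
}
console.log(demo());
```

Unlike a reused password, the record a site stores here is not a credential: it verifies logins but cannot produce one, at that site or any other.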

Cryptographic smart cards are the most secure way of authentication as they keep the private key always on the card and are also password protected.

Van Jacobson is currently leading this Copernican Revolution to turn the Internet into a content-centric network by disassociating the network from the data. He explains it in "A New Way to look at Networking".
