From: Mike Hearn
To: Melvin Carvalho
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Date: Fri, 9 Aug 2013 14:08:52 +0200
Subject: Re: [Bitcoin-development] Idea for new payment protocol PKI

> Bitcoin sought to reduce dependence on trusted third parties, whereas
> Persona is increasing the reach of trusted third parties. The keys and
> passwords are stored on Mozilla's servers, sometimes on your email
> providers. Persona is, however, a progression and will hopefully improve
> its security and decentralization as it goes along.

When Persona is supported by all the key players in a transaction, Mozilla doesn't get anything, do they? You can easily run your own IDP on a personal server if you're the kind of person who likes to do that, then run Firefox so you have a native implementation and the Mozilla servers aren't involved. The keys never leave your computers.

Whilst X.509 certs can indeed be issued for any arbitrary string, you still need a CA that will do it for you, and that's typically not so trivial. CAs aren't meant for widespread end user adoption, really, whereas Persona is.

I don't think Persona is any more or less centralised than other PKIs, really, just easier to use. Ultimately the string you're verifying is a user@host pair, so the host is centralised via DNS, and to verify the assertions it vends you must use SSL to connect to it, so under the hood the regular SSL PKI is still there.