[p2p-hackers] user centric network endpoint based session
coderman at gmail.com
Sat Jun 17 12:29:22 UTC 2006
throwing down the gauntlet:
using various authentication and key management methods at the TCP
session level, tied to a specific IP/port endpoint pair, to control
access to network services* is a relic from decades past. it is not
only inefficient and inflexible but actively detrimental to good usable
security, because of the baggage and complexity inherent in these
methods.
access to network services should instead be provided on top of a
network endpoint local to the two domains requesting and providing
services respectively. user centric authentication is used to
initialize a secure IPv4/IPv6 tunnel session, services are bound to
that session, and revocation is performed by terminating the session.
revocable delegation is implemented by proxying traffic between peers
to the delegated domain; irrevocable delegation is implemented by
sharing authentication credentials for the desired endpoint service(s)
with the trusted peer, which then communicates directly without a proxy.
in a sense this is simply a way to exchange "the capability to
communicate with me privately" and then utilize the services made
available to your peers when this capability is exercised.
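As an added illustration (not code from the original post or any project it refers to), the following Python model shows the access semantics described above: services are bound to an authenticated tunnel session, terminating the session revokes them, a proxied delegate loses access along with the session, and a delegate who was handed the credential keeps access until the credential itself is rotated. The `ServiceHost`, `Tunnel` and `demo` names and the credential values are assumptions constructed for the example.

```python
"""Model of session-bound service access with revocable and irrevocable delegation.

Added example; the class and function names and all credential values are
constructed for illustration and are not from the original post.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set
import secrets


@dataclass
class Tunnel:
    session_id: str
    user: str            # identity authenticated when the tunnel was opened
    active: bool = True  # terminating the session flips this to False


class ServiceHost:
    """Services are reachable only through an active, authenticated tunnel."""

    def __init__(self, credentials: Dict[str, str]):
        self._credentials = dict(credentials)        # user -> shared secret
        self._sessions: Dict[str, Tunnel] = {}       # session id -> tunnel
        self._bindings: Dict[str, Set[str]] = {}     # session id -> bound services

    def open_session(self, user: str, secret: str) -> Optional[str]:
        """User-centric authentication initializes a tunnel session."""
        expected = self._credentials.get(user)
        if expected is None or not secrets.compare_digest(expected, secret):
            return None
        sid = secrets.token_hex(8)
        self._sessions[sid] = Tunnel(sid, user)
        self._bindings[sid] = set()
        return sid

    def bind(self, sid: str, service: str) -> bool:
        """Bind a service to an existing, active session."""
        tunnel = self._sessions.get(sid)
        if tunnel is None or not tunnel.active:
            return False
        self._bindings[sid].add(service)
        return True

    def terminate(self, sid: str) -> None:
        """Revocation: terminate the session and drop every binding on it."""
        tunnel = self._sessions.get(sid)
        if tunnel is not None:
            tunnel.active = False
            self._bindings[sid].clear()

    def call(self, sid: str, service: str) -> bool:
        """A service call succeeds only over an active session it is bound to."""
        tunnel = self._sessions.get(sid)
        return (tunnel is not None and tunnel.active
                and service in self._bindings.get(sid, set()))

    def rotate_credential(self, user: str, new_secret: str) -> None:
        """The only way to cut off a delegate who holds the shared credential:
        replace it and terminate every session opened under that identity."""
        self._credentials[user] = new_secret
        for tunnel in list(self._sessions.values()):
            if tunnel.user == user:
                self.terminate(tunnel.session_id)


def demo() -> Dict[str, bool]:
    """Walk through both delegation modes and return the observable outcomes."""
    host = ServiceHost({"alice": "alice-secret"})   # constructed credential
    alice_sid = host.open_session("alice", "alice-secret")
    assert alice_sid is not None
    host.bind(alice_sid, "files")
    results: Dict[str, bool] = {}

    # Revocable delegation: bob never holds a credential; alice forwards
    # his requests over her own tunnel session.
    def proxy_for_bob(service: str) -> bool:
        return host.call(alice_sid, service)

    results["bob_before"] = proxy_for_bob("files")

    # Irrevocable delegation: carol was given alice's credential and
    # opens a tunnel of her own, independent of alice's session.
    carol_sid = host.open_session("alice", "alice-secret")
    assert carol_sid is not None
    host.bind(carol_sid, "files")
    results["carol_before"] = host.call(carol_sid, "files")

    host.terminate(alice_sid)                      # alice revokes her session
    results["bob_after"] = proxy_for_bob("files")              # proxied access gone
    results["carol_after"] = host.call(carol_sid, "files")     # shared credential still works

    host.rotate_credential("alice", "alice-secret-2")
    results["carol_after_rotate"] = host.call(carol_sid, "files")
    results["bad_secret_rejected"] = host.open_session("alice", "wrong") is None
    return results


if __name__ == "__main__":
    print(demo())
```

The model makes the practical consequence of the two delegation modes explicit: proxied delegation is revoked for free when the owner's session ends, whereas credential sharing can only be undone by rotating the credential, which also terminates the owner's own sessions.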