It’s difficult to exchange public keys easily and correctly between strangers who have never met before.
But once they have done so, there is no way to stop them from communicating any more.
Eccentric Authentication focuses on getting that first key exchanged.
Eccentric Authentication is an authentication protocol that places end user anonymity, privacy and ease of use above other requirements. The user comes first, the web sites come second. The spies can go home.
It is designed to let people create accounts at web site while staying anonymous. The accounts are created with anonymous cryptographic identities. All the crypto-details are handled by a user agent, taking care of the details. It makes creating an account as easy as pressing a button. No more hassles with passwords nor email messages with activation links.
The users stay anonymous until they decide to reveal their identity. Even the web site will not learn the true identities. Nor will anyone else when proper traffic analysis protection it used. (Tor, I2P).
Hidden in the account management are the public and private keys. These can be used to encrypt and sign messages between users of a site, or even between users of different sites. This can form the basis of a secure email replacement, making phishing even more a thing of the past. Because of the validation service, users can learn of other users identities by nickname and lookup the public keys. This makes world wide names secure.
As this protocol deploys https-connections everywhere, it protects the users against passive eavesdropping and active manipulations such as Phorm, DPI.
With the use of DNSSEC and a validation service to check that each certificate is issued only once we can prevent Man-in-the-Middle attacks and phishing. Even if the user falls for a bank-phishing scam, his/her computer knows better and won’t let the user connect. If the user would persist, bypass all protections and log in at the phishers fake bank site, the real bank site would detect it when the phishers impersonate the user and block the account.
Good for/with Tor
Secondary benefits: Due to the pervasive use of encryption, Tor users benefit in two ways: The use of Tor does not stand out between the other traffic that uses this protocol. This makes it easier to hide your Tor use. Secondly, when running eccentric authenticated connections over Tor, the end-to-end connection is encrypted, solving the evil-exit-node vulnerability of Tor.
Please see the Design Goals for more details and use cases.
Witmond Secure Software
inventor of Eccentric Authentication