Using encryption for authentication in large networks of computers
Communications of the ACM
PGP: Pretty Good Privacy
| Hi-index | 0.00 |
The sharing of information held on personal servers is becoming widespread, as represented by Weblogs, SNS, etc. In this situation, it is necessary for each personal server to authenticate users autonomously without any special conditions for the site to which they belong. In this paper, we propose an authentication method for interaction between personal servers. The proposal introduces a new method, which involves retrieving a public key based on the prior exchange of addresses. It requires no trusted-third-party, suppresses the number of secret data items to be managed, and enables key revocation with certainty. We investigate a possible security pitfall of the proposal which results in a risk of impersonation using DNS spoofing, and propose a countermeasure for this, showing that the risk is avoidable.