Published on: 2013-08-09T12:18:37+00:00
In an email exchange from August 2013, Wendell and Mike Hearn discussed the potential of a blockchain-based single sign-on (SSO) system. Wendell mentioned exploring the esoteric blockchain-plus-signature SSO schemes discussed by John Light and others. He had been using SSO for years with an X.509 private key in his browser and his public key referenced from his homepage. However, X.509 tends to use RSA, while bitcoin uses ECC to save space.

Mike Hearn noted that Mozilla Persona, an infrastructure for web-based SSO, works by having email providers sign temporary certificates for their users; the users' browsers then sign server-provided challenges to prove ownership of the email address. Although Persona uses a different signature algorithm than bitcoin, Hearn expected an implementation to be quite easy. From the user's perspective, the wallet app would embed a browser and drive it as if signing into a website, but stop once the user is signed into Persona and a user certificate has been provisioned. The wallet could then sign payment requests automatically. For many users this would take a single click, making it more convenient than obtaining a certificate for an email address from a certificate authority (CA).

Hearn also weighed the concerns and advantages of Persona. Persona increases reliance on trusted third parties, since keys and passwords are held on Mozilla's servers or by email providers, but Hearn believed its security and decentralization could improve over time. Users can also run their own identity provider (IdP) on a personal server to avoid involvement with Mozilla's servers. He pointed out that DNS, although centralized, has held up well so far, and that Persona integrates with Google/Yahoo SSO systems until it becomes big enough to remove the centralized structures and become transparently decentralized. Furthermore, Hearn compared Persona to X.509 certificates issued by CAs.
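The Persona flow Hearn describes (an email provider signs a short-lived certificate for the browser's key, and the browser then signs a site-supplied challenge to prove the address) can be sketched end to end. The Go program below is an added example written for this page; it is not code from the thread, from Mozilla Persona, or from any wallet, and it uses only the Go standard library. The IdP signs with RSA and the browser with ECDSA (P-256), mirroring the RSA-versus-ECC mismatch the exchange mentions. The JSON certificate layout, the audience-plus-NUL-plus-nonce digest, the error names and the address alice@example.com are all constructed for the example and are not Persona's real formats.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// UserCert is the short-lived cert the email provider (IdP) issues after login: it binds an address to the browser's key until Expires.
type UserCert struct {
	Email     string `json:"email"`
	PubKeyDER []byte `json:"pub"` // PKIX/DER-encoded ECDSA public key
	Expires   int64  `json:"exp"` // Unix seconds
}

// Assertion is what the browser hands a site: the IdP-signed cert plus an ECDSA
// signature, made with the certified key, over that site's audience and nonce.
type Assertion struct {
	Cert      UserCert `json:"cert"`
	CertSig   []byte   `json:"cert_sig"` // IdP's RSA-PSS signature over the JSON-encoded cert
	Audience  string   `json:"aud"`
	Challenge []byte   `json:"nonce"`
	Sig       []byte   `json:"sig"`
}

var ErrBadIdPSig = errors.New("user cert not signed by the trusted IdP")
var ErrExpired = errors.New("user cert expired")
var ErrBadChallenge = errors.New("audience or challenge mismatch")
var ErrBadUserSig = errors.New("challenge signature does not verify")

// certDigest is what the IdP signs: the hash of the canonical JSON encoding (constructed format).
func certDigest(c UserCert) []byte {
	body, _ := json.Marshal(c)
	sum := sha256.Sum256(body)
	return sum[:]
}

// challengeDigest binds the user's signature to both the site and the nonce, so an assertion made for one site is useless at another.
func challengeDigest(audience string, challenge []byte) []byte {
	sum := sha256.Sum256(append([]byte(audience+"\x00"), challenge...)) // NUL separates the two fields
	return sum[:]
}

// IssueCert is the IdP step, run after the user has logged in to their email
// provider (not modelled here): certify the browser's key for a short TTL.
func IssueCert(idpKey *rsa.PrivateKey, email string, userPub *ecdsa.PublicKey, ttl time.Duration, now time.Time) (UserCert, []byte, error) {
	der, err := x509.MarshalPKIXPublicKey(userPub)
	if err != nil {
		return UserCert{}, nil, err
	}
	cert := UserCert{Email: email, PubKeyDER: der, Expires: now.Add(ttl).Unix()}
	sig, err := rsa.SignPSS(rand.Reader, idpKey, crypto.SHA256, certDigest(cert), nil)
	return cert, sig, err
}

// SignChallenge is the browser (or wallet) step: the site never sees a password, only a signature over its own challenge.
func SignChallenge(userKey *ecdsa.PrivateKey, cert UserCert, certSig []byte, audience string, challenge []byte) (Assertion, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, userKey, challengeDigest(audience, challenge))
	return Assertion{Cert: cert, CertSig: certSig, Audience: audience, Challenge: challenge, Sig: sig}, err
}

// Verify is the relying party's check. Trust flows IdP -> user key -> challenge, so
// the IdP signature and expiry are checked before the user's key is used at all.
func Verify(idpPub *rsa.PublicKey, a Assertion, wantAud string, wantChallenge []byte, now time.Time) (string, error) {
	if rsa.VerifyPSS(idpPub, crypto.SHA256, certDigest(a.Cert), a.CertSig, nil) != nil {
		return "", ErrBadIdPSig
	}
	if !now.Before(time.Unix(a.Cert.Expires, 0)) {
		return "", ErrExpired
	}
	if a.Audience != wantAud || string(a.Challenge) != string(wantChallenge) {
		return "", ErrBadChallenge
	}
	pub, err := x509.ParsePKIXPublicKey(a.Cert.PubKeyDER)
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if err != nil || !ok || !ecdsa.VerifyASN1(ecPub, challengeDigest(a.Audience, a.Challenge), a.Sig) {
		return "", ErrBadUserSig
	}
	return a.Cert.Email, nil
}

func main() {
	idpKey, _ := rsa.GenerateKey(rand.Reader, 2048)               // the email provider's signing key
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the browser's key
	cert, certSig, _ := IssueCert(idpKey, "alice@example.com", &userKey.PublicKey, 10*time.Minute, time.Now())
	nonce := make([]byte, 32)
	rand.Read(nonce) // the site draws a fresh nonce for every login attempt
	a, _ := SignChallenge(userKey, cert, certSig, "https://shop.example", nonce)
	fmt.Println(Verify(&idpKey.PublicKey, a, "https://shop.example", nonce, time.Now()))
}
```

Verify performs the checks a relying party needs in the order trust is established: the cert is signed by the IdP it trusts, the cert is unexpired, and the user's signature covers both this site's audience and this login's nonce. The audience binding is what stops an assertion captured at one site from being presented at another, and the per-login nonce is what stops it from being replayed at the same site later; a tampered email address fails the IdP signature check because the address is part of the signed cert.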
While X.509 certificates can be issued for any arbitrary string, obtaining one from a CA is hard enough that they are less suitable for widespread end-user adoption than Persona. Although easier to use, Persona is not more or less centralized than other PKIs: ultimately the user@host string depends on DNS for its meaning, and the verifier must connect to that host over SSL to check assertions, so the regular SSL PKI is still present under the hood.

In summary, the email exchange discussed the potential use of Persona as a blockchain-based SSO system. Persona works by having email providers sign temporary certificates for users, providing a convenient and professional user experience. While Persona increases reliance on trusted third parties, there is potential for improved security and decentralization over time. Users have the option to run their own IdP on a personal server to avoid involvement with Mozilla's servers. Compared to X.509 certificates issued by CAs, Persona offers ease of use and wider end-user adoption.
Updated on: 2023-08-01T05:35:53.164496+00:00