Announcing Eccentric Authentication

Eccentric Authentication

Eccentric Authentication (Ecca) is a protocol to replace password
authentication with client certificates. By doing so we can:

  • make it easier to log in to and log out of web sites;
  • make it anonymous; you can sign up to a site without providing any
    details that would tie the account to your person;
  • make communication more secure; you can exchange encrypted
    messages securely without revealing your identity to anyone.

It’s ideal for a dating site. Once you’ve exchanged a message, you can
use the cryptographic keys in the message to set up an encrypted
VOIP-telephone call, or an
encrypted video-chat. Until the moment you see and hear each other,
you don’t know who it will be. But you can be sure that it is the
person from the message and no one else. The cryptography behind Ecca
guarantees that.

How it works.

We install a Certificate Signer at our web site. We don’t use the
certificates from the global Certificate Authorities. Our website
accepts only the certificates that its own Certificate Signer signed.
And we don’t expect other sites to accept our certificates.

When you sign up at our web site, you specify the username you want
to have. If the chosen username is still available, our Certificate
Signer signs a certificate with your username and hands it to you.

You now have a certificate that allows you to log in at our site with
your chosen username. No one else can use this username at our
site. Just like email addresses are unique.

Your web browser takes care of all the cryptography details, such as
creating a private key and, most importantly, keeping it secret.
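
The trust rule described above (the site accepts only certificates signed by its own Certificate Signer), sketched in Go as an added example; this is not code from the Ecca project. The function names, Ed25519 keys, one-day validity and `site.example` are assumptions, the user key is generated in the program where a browser would normally hold it, and the check that a username is still available is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var clientAuth = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth} // login certificates only
// issue signs template t with key; parent == t gives a self-signed signer certificate.
func issue(t, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) (*x509.Certificate, error) {
	t.SerialNumber, _ = rand.Int(rand.Reader, big.NewInt(1<<62))
	t.NotBefore, t.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewSigner creates a site's own Certificate Signer: a CA that no other site is asked to trust.
func NewSigner(site string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{Subject: pkix.Name{CommonName: site}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	cert, err := issue(t, t, pub, key)
	return cert, key, err
}

// SignUp certifies the user's public key under the chosen username and nothing else (a pseudonym).
func SignUp(signer *x509.Certificate, key ed25519.PrivateKey, username string, pub ed25519.PublicKey) (*x509.Certificate, error) {
	return issue(&x509.Certificate{Subject: pkix.Name{CommonName: username}, ExtKeyUsage: clientAuth}, signer, pub, key)
}

// Accepts is the login check: c must chain to this site's signer; global CAs are never consulted.
func Accepts(signer, c *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(signer)
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: clientAuth})
	return err == nil
}
func main() {
	ca, key, _ := NewSigner("site.example")
	pub, _, _ := ed25519.GenerateKey(rand.Reader) // constructed user key
	c, err := SignUp(ca, key, "alice", pub)
	fmt.Println("issued:", err == nil, "accepted at login:", err == nil && Accepts(ca, c))
}
```

A certificate for the same username issued by any other signer, even one that uses the same site name, fails `Accepts` because its signature does not verify under this site's signer key.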

Why? Privacy!

The Ecca protocol allows users to benefit from the power of
certificates without the loss of privacy that comes with certificates
from global Certificate Authorities.

When you request a certificate from a global Certificate Authority, they
verify your real identity by validating your passport. Once the global
CA has sufficient proof that you are who you claim to be, they sign a
certificate that bears your real name. It allows you to identify
yourself to banks, shops and other places where you show your certificate.

It means that every time you use this global certificate, it tags
your digital actions with your real-life identity. No denial
possible. Every email you sign with this certificate is tied to
your person. For many people this is too high a price to pay. For
example, you might not get that dream job if your future boss finds
out that in your blog you support a different political party than he
does. And there is no denying that it’s you who wrote it. As you have
only one global certificate, you would have to use it both to log in
to the blog site and to sign your job application.

An Ecca certificate works the same as a global certificate, but it
doesn’t carry your full identity. On the contrary, it contains only
your chosen username. It is no more than a digital pseudonym. The
Ecca protocol does not even need an email address. So you have more
privacy with an Ecca certificate than with the username, password and
email address that most sites ask for.

And why stop at a single pseudonym? If you were to blog on several
subjects, you could create a certificate (each with a different
username) for each topic. You can have as many certificates for our
site as you wish; they are free.

Private messages

But with Ecca certificates, we can do more. Our site allows you to
look up other people’s certificates by just specifying their
username. The certificate you retrieve contains the user’s public

With that public key you can encrypt a message so that only the
owner of that account can read it. When you sign your messages with
your private key, the recipient can validate that the message is from
another user at our site.

Inside the message is also your
certificate. Now your recipient has all the data he needs to send you
an encrypted reply that only you can read. Not even we, the site
operators, can read these private messages.

This allows us to design the world’s most private dating site.

Or we can design a blog site.

I’ve made a single-page flyer with most of the characteristics of Eccentric Authentication. Feel free to download it: Eccentric-Authentication-flyer.pdf.