Anonymous Logins

In many cases it is not necessary to know the real identity of the
visitors to your web site. All you need is to tell them
apart. For example, a blogging site can allow people to sign up
anonymously. Each blogger creates a nickname and blogs under that name,
not their real name.

Another example is a dating site where people really want to stay
anonymous until they’ve found the match of a lifetime. Again, daters
sign up with a chosen nickname.

Each site sets up its own Certificate Signer, called a First Party
Certificate Authority (FPCA). The FPCA of the blogging site signs
certificates for the bloggers; the FPCA of the dating site does so for
the daters. The dating site will never accept certificates from the
blog FPCA, and vice versa.

Signing up with just a nickname

When a person wants to sign up for our blog site he comes up with a
nickname and requests a certificate. (Well, his web browser does all
the cryptography stuff.) The FPCA verifies that this nickname is not
already taken by someone else. Nicknames must be unique at each
site. When the chosen nickname is still free, the FPCA signs the
certificate and gives it to the user’s browser.

Our visitor now has an account at our site. And because we check that
the nickname is unique, only he can blog under that name, making a
reputation while staying anonymous.

This sign up procedure takes no more time than typing in the nickname
and a single request to the FPCA. You get the certificate in the
response. No need to wait for a confirmation email to arrive. The
registration doesn’t even need an email address, only a
nickname. That’s what makes it anonymous.

If our blogger wants, he can create more accounts with different
nicknames. Perhaps to write about different, more delicate matters. He
can have multiple identities at a single site. And the site cannot
tell that these identities belong to the same person. The browser will
take care of that.
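
The sign-up check and the per-site trust described above, as an added Go sketch that is not Ecca's own code. The `FPCA` type and its methods, the Ed25519 keys, the site names and the nickname `nightowl` are assumptions made for illustration, and plain function calls stand in for the browser's request.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// FPCA is a toy per-site signer (hypothetical type); taken holds the nicknames already issued.
type FPCA struct{ key ed25519.PrivateKey; cert *x509.Certificate; taken map[string]bool }
func NewFPCA(site string) *FPCA {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: site},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key) // self-signed root of this site
	cert, _ := x509.ParseCertificate(der)
	return &FPCA{key, cert, map[string]bool{}}
}
// SignUp certifies the browser's public key under nick; each nickname is issued only once.
func (f *FPCA) SignUp(nick string, pub ed25519.PublicKey) (*x509.Certificate, error) {
	if f.taken[nick] {
		return nil, fmt.Errorf("nickname %q is already taken", nick)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(int64(len(f.taken) + 2)), // toy serial: a counter
		Subject: pkix.Name{CommonName: nick}, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, f.cert, pub, f.key)
	if err != nil {
		return nil, err
	}
	f.taken[nick] = true
	return x509.ParseCertificate(der)
}
// Accepts verifies c against this site's FPCA only; no other signer is trusted.
func (f *FPCA) Accepts(c *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(f.cert)
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}
func main() {
	blog, dating := NewFPCA("blog"), NewFPCA("dating")
	pub, _, _ := ed25519.GenerateKey(rand.Reader) // key pair made in the browser
	c, _ := blog.SignUp("nightowl", pub)
	fmt.Println(blog.Accepts(c), dating.Accepts(c)) // true false
}
```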

Log in with the certificate

Each certificate is an identity. With Old-school, it is a digital
passport that contains your true identity. With Ecca, it contains only
a chosen nickname.

The uniqueness requirement for the nickname is important. It allows
people to use the nicknames to address each other while the computer
uses the cryptographic keys to validate that it is the same person.

But we can do more with certificates than just log in anonymously. We
can create anonymous private messaging.