Re: BitAuth

On 7/3/14 2:07 PM, Reutzel, Bailey wrote:
>
> BitPay's proposal for passwordless 
> authentication:http://blog.bitpay.com/2014/07/01/bitauth-for-decentralized-authentication.html
>
> Thought you all would be interested. J
>
> -B
>
>
> "This communication is intended solely for the addressee and is 
> confidential and not for third party unauthorized distribution" 

It claims the following advantages over alternatives:

 1. Only a compromise of the client machine can endanger the system's
    security.
 2. Because the private key is never revealed to the server, it does not
    need to be exchanged between the server and client over a side
    channel like in HMAC.
 3. Easy to implement wherever the Bitcoin protocol is implemented.
 4. Decoupled from Bitcoin addresses, allowing for a more explicit
    separation from financial transactions and allowing for greater privacy.
 5. Identity becomes portable --- the same identity can be used on
    multiple services, letting you take your identity with you.

1-5 also apply to WebID-TLS, basic TLS etc..

What am I missing here, beyond Elliptic-Curve Cryptography  (ECC) over 
RSA (where perceived NSA collusion assumptions are the biggest issue) ?

[1] 
http://linkeddata.uriburner.com/about/id/entity/http/crypto.stackexchange.com/questions/1190/why-is-elliptic-curve-cryptography-not-widely-used-compared-to-rsa 
-- Linked Data URI for an interesting random doc about ECC vs RSA from 
StackOverFlow

-- 
Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this