{"id":1962,"date":"2014-05-30T10:02:03","date_gmt":"2014-05-30T17:02:03","guid":{"rendered":"http:\/\/upon2020.com\/blog\/?p=1962"},"modified":"2014-05-30T10:02:03","modified_gmt":"2014-05-30T17:02:03","slug":"marcus-povey-and-pgp-based-login","status":"publish","type":"post","link":"https:\/\/upon2020.com\/blog\/2014\/05\/marcus-povey-and-pgp-based-login\/","title":{"rendered":"Marcus Povey and PGP-based login"},"content":{"rendered":"<p>Marcus Povey is <a href=\"http:\/\/www.marcus-povey.co.uk\/2014\/05\/30\/openpgp-login-spec-countering-replay-attacks\/\">proposing<\/a> to use PGP\/GPG to log into personal websites such as <a href=\"http:\/\/withknown.com\/\">Known<\/a>.<\/p>\n<p>Where have I heard this before? ;-) Oh, yes, LID, circa 2005, before <a href=\"http:\/\/openid.net\/\">OpenID<\/a> etc.<\/p>\n<p>Here is what a digitally signed LID request looks like, broken into separate lines for better readability:<\/p>\n<pre>http:\/\/example.com\r\n    ?lid=http%3A%2F%2Fmylid.net%2Fjernst\r\n    &amp;lid-credtype=gpg%20--clearsign\r\n    &amp;lid-nonce=2014-05-30T16%3A54%3A57.016Z\r\n    &amp;lid-credential=SHA1%0AVersion%3A+GnuPG+v1.4.11+%28GNU%2FLinux%29%0A%0AiEYEARECAAYFAlOIt%2BEACgkQsIOiz0BhWYZ9MACcCelf5T6XyywOZ5jVq3eyMw9m%0A8C4AoJ6Vz47PKR2%2FEvNqDkv7OWFyHdSU%0A%3DpVzh%0A\r\n<\/pre>\n<p>where:<\/p>\n<dl>\n<dt>lid:<\/dt>\n<dd>The URL identifying the entity requesting access, e.g. my blog<\/dd>\n<dt>lid-credtype:<\/dt>\n<dd>for extensibility, specifies the kind of credential provided<\/dd>\n<dt>lid-nonce:<\/dt>\n<dd>a timestamp, to avoid replay attacks (Hi, Marcus!)<\/dd>\n<dt>lid-credential:<\/dt>\n<dd>the credential, a digital signature over the request and the nonce, from the gpg output without some of the boilerplate<\/dd>\n<\/dl>\n<p>Some more info about LID is <a href=\"http:\/\/infogrid.org\/trac\/wiki\/Lid\/Essence\">on the InfoGrid Wiki<\/a>.<\/p>\n<p>Do I think this is a good idea? Oh, Yes! 
Much better than much other stuff that has been bandied about for identity on the internet in the past 9+ years.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Marcus Povey is proposing to use PGP\/GPG to log into personal websites such as Known. Where have I heard this before? ;-) Oh, yes, LID, circa 2005, before OpenID etc. Here is what a digitally signed LID request looks like, broken into separate lines for better readability: http:\/\/example.com ?lid=http%3A%2F%2Fmylid.net%2Fjernst &amp;lid-credtype=gpg%20--clearsign &amp;lid-nonce=2014-05-30T16%3A54%3A57.016Z &amp;lid-credential=SHA1%0AVersion%3A+GnuPG+v1.4.11+%28GNU%2FLinux%29%0A%0AiEYEARECAAYFAlOIt%2BEACgkQsIOiz0BhWYZ9MACcCelf5T6XyywOZ5jVq3eyMw9m%0A8C4AoJ6Vz47PKR2%2FEvNqDkv7OWFyHdSU%0A%3DpVzh%0A where: lid:The URL&hellip;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled":false,"footnotes":""},"categories":[60,301],"tags":[285,320],"class_list":["post-1962","post","type-post","status-publish","format-standard","hentry","category-digital_identity","category-indie-web","tag-indieweb","tag-known","kind-"],"kind":false,"_links":{"self":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/1962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/comments?post=1962"}],"version-history":[{"count":2,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/1962\/revisions"}],"predecessor-vers
ion":[{"id":1964,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/1962\/revisions\/1964"}],"wp:attachment":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/media?parent=1962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/categories?post=1962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/tags?post=1962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}