Rethinking PKI

I am a big believer in Public/Private Key crypto and digital signatures. The core technology is so elegant and has so many uses it is a wonder that it never quite took off. Unless you start addressing the many problems involved with the actual implementations and applications of the technology, see Ian Griggs wonderful rants here and you might understand:

• SSL
• PKI

The purpose of writing a new PKI system by scratch for NeuClear was to create a system that was:

• Easy to use and understand for average users
• completely legacy free (ie. http (or p2p) not ldap, xml not asn.1 nor x509)
• Not be succeptible to government manipulation such as the dns system.
• Leave CyberSpace ID to Meat Space ID mapping to optional higher levels.
• Make accessability a higher priority than theoretical threat analysis (See Ian's rants again above)

The NeuClear ID attempts to take flexibility of PGP and merge it with the ease of use of DNS. We have attempted to stay away from any of the thought processes behind the traditional X509 CA model as offered by VeriSign, as we belive it doesnt solve any problems and presents too many.

The Core technology is based on XML. With heavy use of the new XML-Signature standard to handle trust and security aspects of the framework. The initial implementation is in Java, but there is absolutely no reason at all that it couldnt be implemented in say C#, Pythom or Perl.