[OpenID] [oauth] Re: [diso-project] Re: OpenID Accessibility
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Tue Nov 4 20:52:42 UTC 2008
On 11/04/2008 09:07 PM, Ben Laurie:
> However, where we came in was I said "But wouldn't it be nice if
> browsers just automatically supported a phishing resistant password
> scheme?" and you said "like a client cert?". Picking up from that
> point: a client cert is not like a password, because I cannot memorise
> my cert.
>
LOL, that was my point actually - to disqualify anything resembling a
user / password pair, because as you say below:
>
> I agree that client certificates are obviously phishing resistant, and
> have never disagreed, and I am happy to treat the rest of the
> conversation as a red herring.
:-)
Basically I don't want to have another solution on top of a bad solution
(like user/pass) if there are better solutions already working perfectly
instead. It's already in the browser, it works, it's phishing resistant,
it's secure...what else?
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081104/33900bba/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6724 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081104/33900bba/attachment-0002.bin>
More information about the general
mailing list