[OpenID] [oauth] Re: [diso-project] Re: OpenID Accessibility
Ben Laurie
benl at google.com
Tue Nov 4 21:46:09 UTC 2008
On Tue, Nov 4, 2008 at 8:52 PM, Eddy Nigg (StartCom Ltd.)
<eddy_nigg at startcom.org> wrote:
> On 11/04/2008 09:07 PM, Ben Laurie:
>
> However, where we came in was I said "But wouldn't it be nice if
> browsers just automatically supported a phishing resistant password
> scheme?" and you said "like a client cert?". Picking up from that
> point: a client cert is not like a password, because I cannot memorise
> my cert.
>
>
> LOL, that was my point actually - to disqualify anything resembling a user /
> password pair, because as you say below:
>
> I agree that client certificates are obviously phishing resistant, and
> have never disagreed, and I am happy to treat the rest of the
> conversation as a red herring.
>
> :-)
>
> Basically I don't want to have another solution on top of a bad solution
> (like user/pass) if there are better solutions already working perfectly
> instead. It's already in the browser, it works, it's phishing resistant,
> it's secure...what else?
"What else" is that I need a way to link my desktop with my laptop.
More information about the general
mailing list