Dan Geer wrote:
>
> > In the article they repeat the recommendation that you never
> > use/register the same shared-secret in different domains ... for
> > every environment you are involved with ... you have to choose a
> > different shared-secret. One of the issues of biometrics as a
> > "shared-secret password" (as opposed to the interface between you
> > and your chipcard) is that you could very quickly run out of
> > different, unique body parts.
>
> Compare and contrast, please, with the market's overwhelming
> desire for single-sign-on (SSO). Put differently, would the
> actual emergence of an actual SSO signal a market failure by
> the above analysis?

Surely the point about (good) SSO is that you control the domain you
share secrets with and that domain then certifies you to other domains -
thus avoiding the problem of sharing your secrets across domains.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff