On 4 Jun 2003 at 20:58, Anne & Lynn Wheeler wrote:
> it is relatively trivial to demonstrate that public keys can
> be registered in every business process that currently
> registers shared-secrets (pins, passwords, radius, kerberos,
> etc, etc)

I don't think so.

Suppose e-gold, to prevent this sea of spam trying to get
people to log in to fake e-gold sites, wanted people to use
public keys instead of shared secrets, making your secret key
the instrument that controls the account instead of your shared

They could not do this using the standard IE webbrowser.  They
would have to get users to download a custom client, or at
least, like hushmail, a custom control inside IE.

HTTPS assumes that the certificate shall be blessed by the
administrator out of band, and has no mechanism for using a
private key to establish that a user is simply the same user as
last time. 

         James A. Donald
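
The mechanism under discussion in this exchange, a server that records a public key at the point where it would record a password and later checks that the same private key is answering, sketched in Node.js as an added example that is not from either poster. The class, function and account names are hypothetical, and it models only the server-side check, not any browser support for it.

```javascript
const crypto = require('node:crypto');

// Hypothetical account store: holds a public key where a password hash would go.
class KeyAccountStore {
  constructor() {
    this.keys = new Map();     // account -> registered public key (PEM)
    this.pending = new Map();  // account -> outstanding challenge
  }
  // Enrolment: the step at which a shared secret would otherwise be registered.
  register(account, publicKeyPem) {
    if (this.keys.has(account)) throw new Error('account already registered');
    this.keys.set(account, publicKeyPem);
  }
  // Login step 1: issue a fresh random challenge for this account.
  challenge(account) {
    if (!this.keys.has(account)) throw new Error('unknown account');
    const msg = Buffer.from(`${account}|${crypto.randomBytes(32).toString('hex')}`);
    this.pending.set(account, msg);
    return msg;
  }
  // Login step 2: accept only a signature over the outstanding challenge, once.
  verify(account, signature) {
    const msg = this.pending.get(account);
    this.pending.delete(account);
    if (!msg || !Buffer.isBuffer(signature)) return false;
    const key = crypto.createPublicKey(this.keys.get(account));
    return crypto.verify(null, msg, key, signature); // null: Ed25519 has no separate digest
  }
}

// Runs three logins against a constructed account and returns the outcomes.
function demo() {
  const user = crypto.generateKeyPairSync('ed25519');
  const stranger = crypto.generateKeyPairSync('ed25519');
  const store = new KeyAccountStore();
  store.register('alice', user.publicKey.export({ type: 'spki', format: 'pem' }));

  // Same key as at registration: accepted, with no certificate involved.
  const captured = crypto.sign(null, store.challenge('alice'), user.privateKey);
  const firstLogin = store.verify('alice', captured);
  // A signature captured from an earlier login does not answer a new challenge.
  store.challenge('alice');
  const replay = store.verify('alice', captured);
  // A different key pair cannot log in to the account.
  const otherKey = store.verify('alice',
    crypto.sign(null, store.challenge('alice'), stranger.privateKey));
  return { firstLogin, replay, otherKey };
}

console.log(demo());
```

What crosses the wire at login is a signature over a one-time challenge, so a party that observes one login holds nothing it can present at the next.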

