On 25/09/11 21:52, ianG wrote:
... Any client cert is better than the current best saved password situation, because the technical security of a public key pair always exceeds a password...
Client certs are not a practical solution for retail and other low security applications: they require that the end user uses either one and only one computer, or that they are burdened with transferring certificates between all the computers that are being used by one customer to access the site and transact the business.

I have noticed that "crypto experts" keep pushing this "use-only-a-single-trusted-computer" M.O. on the end users, while site operators (retail especially) understand it is utterly unrealistic and insist on passwords since these can be used on any computer their customer happens to be at.

Mark R.

_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography
