On Sun, Nov 30, 2014 at 2:58 PM, Alfie John <[email protected]> wrote:
> I think a better solution would be something like implementing Digest
> Authentication (RFC 2069, but replacing MD5 with something like AES-256
> and allow it to be upgradable) in the browser. The password field value
> would then be replaced with the value from the DA call and no secrets
> would be leaked. This solution would get way faster adoption.

There's also the FIDO Alliance's Universal Authentication Factor:

http://fidoalliance.org/specs/fido-uaf-overview-v1.0-rd-20140209.pdf

--
Tony Arcieri
