On Monday 22 Jul 2013 17:10:56 Robert Hailey wrote: > > On 2013/07/22 (Jul), at 6:36 AM, Matthew Toseland wrote: > > > Okay so the idea is: > > 1. Marketing: the user has something they can keep and use for other things. > > 2. Uniqueness/cost guaranteed by the manufacturer: We can use an online > > service to establish that it's a genuine, unique yubikey, different to the > > yubikey's that have announced before. Then we generate a bootstrapping cert. > > Exactly, and there would be other tangible [or even legal] tradeoffs > (non-profit freenet project would not be selling anything, but wouldn't be > getting the money for development, but wouldn't be burdened with making yet > another identity system). > > > If they take said service offline, no big deal, because we only use it > > once, on creation. > > IMO, the company/service going away ranks pretty low in the implementation > concerns.
This does happen in practice. See e.g. Wikileaks. Companies can and do pull the plug on clients that cause press/political issues for them. > > > Maybe this is a possibility. > > It's at least something unconventional to consider, and you never know... Ian > might be able to use his charm to get a special deal for freenet onboarding > [or something] as it might help cross-promote other yubi products to the > security conscious (e.g. they also make hardware security modules and > yubikeys with integrated smartcard crypto). > > > We'd need a bitcoin option as well though. > > When choosing a course, we might also need to consider how easy it would be > for someone to acquire bitcoins, versus buying a yubikey, versus just > clicking a paypal link. I'm sure there would be people who wouldn't want to go the yubikey route.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
