On 2013/07/22 (Jul), at 12:22 PM, Matthew Toseland wrote: >> IMO, the company/service going away ranks pretty low in the implementation >> concerns. > > This does happen in practice. See e.g. Wikileaks. Companies can and do pull > the plug on clients that cause press/political issues for them.
What I meant, is that in the *worst case scenario* where: * we only use yubikeys, * we use expiring certs, and * yubico just pulled the plug on us Then our total investment has been: (1) a 100%-reusable mechanism that delivers a string to a signing server [and reports back], and (2) a single (near-zero cost) API web-call that verifies the identifier ...and if we do nothing, "certificates" will expire and break down the network. Then all we have to do is release an update with one change, that certificates that expire after date-X (a value perhaps one month before they pulled the plug) are considered valid. Next, we can write whatever other custom validation solution is required, and regardless of the identifier (paypal receipt number, validation code, bitcoin "from" address) we would already have the transport system needed (just change the help text)... and we are not "heavily invested" in this particular solution, nor have incurred a substantial disruption. > I'm sure there would be people who wouldn't want to go the yubikey route. I would be surprised if there wasn't, but (from the user's perspective) it is about as unsavory as "paying for freenet"... but you get a cool gadget! -- Robert Hailey
