On Sat, 2012-06-23 at 10:27 +0200, Michiel de Jong wrote: > On Sat, Jun 23, 2012 at 7:23 AM, Nick M. Daly <[email protected]> wrote: > > So, identity is pretty fundamental to this project. Without identity, > > privacy is a meaningless concept. > > good point! > > > The FreedomBox identifies a person or > > group of people through their keys. > > IIUC, that seems to be design choice aimed at power users. You access > your freedombox from either your laptop, or your phone, or an internet > cafe, right? That means that you need to configure the key on your > laptop, then configure it on your phone, and then export it onto a usb > stick, then put the usb stick in your wallet, take it with you on > holidays, not lose it, take it into the internet cafe, stick it into > the computer there, and know how to use it to install use your key on > this computer at the internet cafe. > > actually, power users probably don't even use internet cafes. my point > is, in general, people want the device they use to get to their > freedombox, to be stateless. if there is a key involved, then that's > not stateless. All people can remember is their email address and > their password. Should we design for these people? Should we teach > these people new behaviour?
You should probably at least think of using an OTP. It is easily available, relatively easy to set up, and you can use it with a softtoken on your laptop/phone. Mere passwords are easier to steal. Simo. -- Simo Sorce Samba Team GPL Compliance Officer <[email protected]> Principal Software Engineer at Red Hat, Inc. <[email protected]> _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
