So now it's a matter of scaling? I'd rather stay on the grounds of certificates, where scaling has been one of the primary focuses since the early 2k.
In my opinion it's pretty much useless reinventing the wheel; the idea behind certificates is as much a security medium as is the party being actively recognized. Back to your implementation, you need to know who the passphrase is coming from and most importantly, you need means to verify that party. So it boils down to who's dictating who is trusted or not. You or Them.

On Wed, Sep 8, 2010 at 8:53 PM, Andrew Auernheimer <[email protected]> wrote:
>> This is no different than installing a client cert
>
> Yes, exactly. This is as equally secure as installing a client cert.
> Except it is achieved without a client cert, using only a password, in
> a manner that can be more easily scaled to lots of users.
>
>>
>>
>> Trying to not sound like a dick,
>> dvs.
>>
>>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
