-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Many site seem happy to manage a password for each user. The state of the art seems to be, let the user select a password, and use an e-mail exchange to verify that the user is who they say they are. It seems that it would not be much more complicated to let the user present the signature of a public key, and use an e-mail exchange to verify that this is indeed the user's public key. Has that been tried already?
- -- Christian Huitema -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) Comment: Using gpg4o v3.1.107.3564 - http://www.gpg4o.de/ Charset: utf-8 iQEcBAEBAgAGBQJSiEMqAAoJELba05IUOHVQQCQH/3vrYzHLmB6Vm+8bng70BVvj WIW+NWkGyFwKKODOz2vmNCsxk7Kta8gigbomT0MRZfVxQ4RTENSNnVbmssC7l0xZ uH/839PT67wFSIjLPi5dZ+YoztRLBb8rTCwJNNt0gGOL4Df6+y6if1ephVxGD5sj bsI/ZgO1t04KVdE2FfIhinsRsjLWbzyJtw2nhcG1aKetfmUbiLb6dL8VmaE6PB32 PmNP68TaxFRC/Xrn/RL06cAbzUWd+3ZSeaVK2Q8LCb5k6vuPgqneRauKpWDP+cvw tRs24P/yIpIvrYyMLFyPwvUi9+sWOB/YWcRkVQgXNyHbksTv03IRAc0Yx+TxWGU= =yxGA -----END PGP SIGNATURE----- _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
