On Nov 16, 2013, at 11:16 PM, Christian Huitema <[email protected]> wrote: > Many site seem happy to manage a password for each user. The state of the art > seems to be, let the user select a password, and use an e-mail exchange to > verify that the user is who they say they are. It seems that it would not be > much more complicated to let the user present the signature of a public key, > and use an e-mail exchange to verify that this is indeed the user's public > key. Has that been tried already?
Maybe so. This works fine, but doesn't allow for per-device repudiation. _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
