On Nov 17, 2013, at 12:24 AM, Christian Huitema <[email protected]> wrote: > Sure. But passwords don't support repudiation either... It seems the biggest > hurdle would be getting a JavaScript API that connects with a local store of > the PGP or GPG key.
We've dipped deeply into solutions in this discussion and I wouldn't blame the moderators for asking us to go elsewhere, but having said that, I think we are talking about two different things. You are talking about a fairly minor enhancement that makes things a little nicer, and what some other folks have talked about is a redesign that might add a lot more value, at the cost of being less easy to adopt. I would appreciate it if some of the security folks would point out obvious flaws in what we've been discussing—I still don't have the privacy model clear in my head, for example. But if we are going to do something new, IMHO we should get it right, and not do a bandaid that is just a little bit better. _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
