Christian Huitema <[email protected]> wrote:
>Many sites seem happy to manage a password for each user. The state of
>the art seems to be, let the user select a password, and use an e-mail
>exchange to verify that the user is who they say they are. It seems
>that it would not be much more complicated to let the user present the
>signature of a public key, and use an e-mail exchange to verify that
>this is indeed the user's public key. Has that been tried already?

Being tried (again;-) [1] for httpauth which is a minority sport.
No good reason IMO the same pattern couldn't be followed in
loads of protocols

S

[1] http://tools.ietf.org/html/draft-ietf-httpauth-hoba

>
>-- Christian Huitema

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
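
The pattern discussed in this thread, as an added example that is not part of either message and does not follow the wire format of the HOBA draft: the server e-mails a nonce, binds the presented key to the address only when a signature over that nonce made with that key comes back, and later authenticates the user with the same challenge-response. The names (`Server`, `NewKey`, `Challenge`, `Sign`, `Enroll`, `Login`), the choice of Ed25519, presenting the key itself, and the `purpose|address|nonce` message layout are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server sketch: keys is address -> confirmed key, nonces is purpose|address -> open challenge.
type Server struct{ keys, nonces map[string][]byte }
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(rand.Reader) }

// Challenge issues a nonce: e-mailed to addr for "enroll", sent in-band for "login".
func (s *Server) Challenge(purpose, addr string) []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	s.nonces[purpose+"|"+addr] = n
	return n
}

// Sign (like NewKey) is the client side: purpose and address are bound to the nonce.
func Sign(priv ed25519.PrivateKey, purpose, addr string, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(purpose+"|"+addr+"|"), nonce...))
}
// check consumes the nonce (a replayed signature finds none), then verifies sig.
func (s *Server) check(purpose, addr string, pub, sig []byte) bool {
	id := purpose + "|" + addr
	nonce, issued := s.nonces[id]
	delete(s.nonces, id)
	return issued && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, append([]byte(id+"|"), nonce...), sig)
}
// Enroll binds pub to addr only if sig, made with pub, covers the e-mailed nonce.
func (s *Server) Enroll(addr string, pub, sig []byte) (ok bool) {
	if ok = s.check("enroll", addr, pub, sig); ok {
		s.keys[addr] = pub
	}
	return ok
}
// Login verifies against the enrolled key; an address with no key always fails.
func (s *Server) Login(addr string, sig []byte) bool { return s.check("login", addr, s.keys[addr], sig) }

func main() {
	s, addr := &Server{map[string][]byte{}, map[string][]byte{}}, "user@example.test" // constructed
	pub, priv, _ := NewKey()
	fmt.Println("enroll:", s.Enroll(addr, pub, Sign(priv, "enroll", addr, s.Challenge("enroll", addr))))
	fmt.Println("login:", s.Login(addr, Sign(priv, "login", addr, s.Challenge("login", addr))))
}
```

Because the enrollment nonce travels only by e-mail, a valid enrollment signature shows both control of the mailbox and possession of the private key; the server never stores a shared secret.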
