Nat Sakimura wrote:
1) Storing many users' private keys on the server in a decryptable format is
not very safe.
In your proposal, it looks like the OP is going to hold the private key for
each user in a decryptable format. Considering that most large-scale privacy
leakage happens at the
Overall, I'm not sure we are ready in this community to pick one
alternative over another as the standards. I have my views,
(many) others have (many) others -- and I don't think that any
of this has to be in an Authentication 1.x (x1) or 2.0 spec,
whatever it will be. This seems like a clean
On 2-Jun-07, at 5:14 PM, Recordon, David wrote:
I'd like to see this written as an
extension so that if the first approach doesn't work, the Auth spec
itself doesn't have to be reverted. Rather we can finish 2.0 and try
implementing different approaches before deciding on the final way to
I wasn't in that session (as far as I recall ;-)) so I don't know
either what was agreed on, or who agreed, or for what reasons ... the
thread so far does not look like it was a very stable agreement ;-)
On Jun 2, 2007, at 22:11, Johnny Bufu wrote:
On 2-Jun-07, at 5:14 PM, Recordon,