>and would also reduce or
>eliminate the need for an OP since the client software could sign the
>messages directly if it had the private key.

I would hope for "reduce" - again, leaving the option available to those of us who are more security-conscientious to have multiple passwords, and making the OPs secondary signators to our authentication. That way, breaking only one key would only offer a relatively "weak" authentication.

My usage of "weak" is from "strong" in this message:
http://openid.net/pipermail/general/2008-July/005115.html

I imagine single-OP authentication being sufficient for leaving comments (so an attacker could have those), dual-OP authentication being required for *deleting* (or editing) comments (more tricky for an attacker), and triple (or more) OP authentication necessary for banking, etcetera.

-Shade
