[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
How to fix authentication (was LinkedIn)
Guess we all need implants deep in less-than-easily-operable areas to
bind us to a digitally-accessible identity. This would make for an
interesting set of user-based trust-anchoring paradigms, at least.
On Wed, Jun 20, 2012 at 7:26 PM, Jay Ashworth <jra at baylink.com> wrote:
> ----- Original Message -----
>> From: "Leo Bicknell" <bicknell at ufp.org>
>
>> SSL certificates could be used this way today.
>>
>> SSH keys could be used this way today.
>>
>> PGP keys could be used this way today.
>>
>> What's missing? A pretty UI for the users. Apple, Mozilla, W3C,
>> Microsoft IE developers and so on need to get their butts in gear
>> and make a pretty UI to create personal key material, send the
>> public key as part of a sign up form, import a key, and so on.
>
> Yes, but you're securing the account to the *client PC* there, not to
> the human being; making that Portable Enough for people who use and
> borrow multiple machines is nontrivial.
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth ? ? ? ? ? ? ? ? ?Baylink ? ? ? ? ? ? ? ? ? ? ? jra at baylink.com
> Designer ? ? ? ? ? ? ? ? ? ? The Things I Think ? ? ? ? ? ? ? ? ? ? ? RFC 2100
> Ashworth & Associates ? ? http://baylink.pitas.com ? ? ? ? 2000 Land Rover DII
> St Petersburg FL USA ? ? ?http://photo.imageinc.us ? ? ? ? ? ? +1 727 647 1274
>
--
Kyle Creyts
Information Assurance Professional
BSidesDetroit Organizer