[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Auth]Project discussion
|
From: |
Chris Whip |
|
Subject: |
Re: [Auth]Project discussion |
|
Date: |
Sun, 15 Jul 2001 17:28:46 -0700 |
|
User-agent: |
Mutt/1.2.5i |
On Mon, Jul 16, 2001 at 09:45:36AM +0930, Nick Lothian wrote:
> I don't think an architecture relying on browser plugins or any special
> client side software is going to work.
And any architecture that doesn't require trusted client-side software
makes it impossible to implement a scheme that doesn't entirely trust
J. Random Website with your secret key, but instead permits a trusted
third party to mutually authenticate client and server, a la Kerberos.
I think that's important. I realize that next to Passport, which currently
requires trusting both the site and the authentication service, it's a lofty
goal. But I feel that it's essential in the medium term.
-- Chris Whip
- [Auth]Project discussion, Ron Burk, 2001/07/14
- RE: [Auth]Project discussion, Nick Lothian, 2001/07/15
- Re: [Auth]Project discussion,
Chris Whip <=
- [Auth]RoboForm, Norbert Bollow, 2001/07/16
- RE: [Auth]Project discussion, Nick Lothian, 2001/07/15
- RE: [Auth]Project discussion, Daniel Thomas, 2001/07/15
- RE: [Auth]Project discussion, Nick Lothian, 2001/07/15