Re: [websec] re-call for IETF http-auth BoF

From: Nico Williams <nico@cryptonector.com>
Date: Wed, 15 Jun 2011 10:11:28 -0500
Message-ID: <BANLkTi=LN=ZRyaGE4YBYa2fHSghekQxkqg@mail.gmail.com>
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: Yutaka OIWA <y.oiwa@aist.go.jp>, "KIHARA, Boku" <bkihara.l@gmail.com>, public-identity@w3.org

On Wed, Jun 15, 2011 at 10:08 AM, Anders Rundgren
<anders.rundgren@telia.com> wrote:
> Another alternative is using authentication methods where you only
> (optionally) use local PINs which, if snooped by an imitating UI,
> don't get the attacker very far, at least not on an Internet scale.

Once you've got a credential manager integrated then this will
typically be the case.

> PKI is still the champ.

I don't think PKI has an advantage here, except for smartcard support for
the crypto primitives (public key operations) needed for PKI.

Nico
--
Received on Wednesday, 15 June 2011 15:14:20 GMT