Re: [websec] re-call for IETF http-auth BoF

On Wed, Jun 15, 2011 at 10:08 AM, Anders Rundgren
<anders.rundgren@telia.com> wrote:
> Another alternative is using authentication methods where you only
> (optionally) use local PINs which if snooped by an imitating UI
> doesn't get the attacker very far, at least not on an Internet scale.

Once you've got a credential manager integrated then this will
typically be the case.

> PKI is still the champ.

I don't think PKI has an advantage here, except for smartcard support
the crypto primitives (public key operations) needed for PKI.

Nico
--

Received on Wednesday, 15 June 2011 15:14:20 UTC