- From: Alex Kodat <ALEX@sirius.sirius-software.com>
- Date: Sun, 13 Jun 99 09:55:47 EDT
- To: hallam@ai.mit.edu
- Cc: http-wg@hplb.hpl.hp.com
- In-Reply-To: Message of Sat, 12 Jun 1999 23:24:20 -0400 from <hallam@ai.mit.>

While I wholeheartedly agree that PKCS is *far* superior to password based schemes, I suspect passwords will be around for some time to come. The idea that every workstation out there will be equipped with smart-card readers and all users will be walking around with smart cards that contain their personal client certificate is lovely but not one I think we're likely to see everywhere for many years to come. Password based systems are just too easy to manage and can be trivially used with existing legacy systems.

It's kinda like the https vs. shttp issue or electronic wallets vs. credit card numbers over SSL: the obviously superior technology is adopted slowly because the easier to manage technology is considered "good enough" (BTS) and has virtually no administrative overhead whereas the newer superior technology has considerable administrative overhead. Just a prediction that 10 years from now people will still be using passwords with web-based applications and will still be sending credit card numbers over SSL.

If there's a way I can help our customers using password based systems I'd like to be able to do so.

Alex Kodat
Sirius Software
Cambridge, MA

Received on Sunday, 13 June 1999 07:14:07 UTC