- From: David Jablon <dpj@world.std.com>
- Date: Mon, 14 Jun 1999 02:27:25 -0400
- To: Alex Kodat <ALEX@sirius.sirius-software.com>
- Cc: hallam@ai.mit.edu, http-wg@hplb.hpl.hp.com
While I'm sure this thread is off-topic for http-wg, I agree with Alex that passwords are here to stay, and I agree with Phillip that PKI is too.

The big question is: How will passwords be used? I sincerely doubt that the dominant form will be PINs for smart cards, and I know we can do better than simple local key files encrypted with a password/phrase.

For another vision of strong password + PKI systems, visit <http://www.IntegritySciences.com>.

-- dpj

At 09:55 AM 6/13/99 EDT, Alex Kodat wrote:
>In-Reply-To: Message of Sat, 12 Jun 1999 23:24:20 -0400 from <hallam@ai.mit.>
>
>While I wholeheartedly agree that PKCS is *far* superior to password based
>schemes, I suspect passwords will be around for some time to come. The idea
>that every workstation out there will be equipped with smart-card readers
>and all users will be walking around with smart cards that contain their
>personal client certificate is lovely but not one I think we're likely
>to see everywhere for many years to come.
>
>Password based systems are just too easy to manage and can be trivially
>used with existing legacy systems. It's kinda like the https vs. shttp
>issue or electronic wallets vs. credit card numbers over SSL: the
>obviously superior technology is adopted slowly because the easier to
>manage technology is considered "good enough" (BTS) and has virtually
>no administrative overhead whereas the newer superior technology has
>considerable administrative overhead.
>
>Just a prediction that 10 years from now people will still be using
>passwords with web-based applications and will still be sending credit
>card numbers over SSL. If there's a way I can help our customers using
>password based systems I'd like to be able to do so.
>
>Alex Kodat
>Sirius Software
>Cambridge, MA

Received on Sunday, 13 June 1999 23:29:04 UTC