Re: The Internet Identity (WG) Crisis

On 2011-06-29 09:21, Henry Story wrote:
<snip>>
> It would be great to have provisioning of such hardware devices be as easy as simple
> keygeneration in a browser.
> 
> I have heard of the keygen2 proposal,
>   http://webpki.org/auth-token-4-the-cloud.html
> but I am not sure what other use cases more the advanced keygens are trying to solve -
> probably because I have not yet hit those limits myself. 

A very basic bank-requirement that isn't met by current browser-vendor
"keygen" solutions is the ability defining a PIN to a key.

In a typical WebID scenario a PIN would probably be a user option but in
the bank-world it is the bank that unilaterally sets the policy.

A good "keygen" system should support different policies.

A 10-pass protocol for setting a PIN may appear "slightly" over-engineered
but KeyGen2 does a few other tricks as well :-)

Regards,
Anders

Received on Wednesday, 29 June 2011 09:08:55 UTC