[Cryptography] SRP for mutual authentication - as an alternative / addition to certificates?
Tony Arcieri
bascule at gmail.com
Tue Aug 11 21:24:35 EDT 2015
On Wed, Aug 5, 2015 at 11:51 AM, Ben Laurie <ben at links.org> wrote:
> I use one of those, but it doesn't really help with my other devices.
>
U2F is just a protocol. Your "other devices" could also act as U2F tokens
themselves (e.g. your SmartWatch could act as a U2F token for your
SmartPhone). Or (potentially) something like a Yubikey could provide U2F
over Bluetooth or NFC.
> And I'm screwed if I lose it (well, I'm not, because I'll be given
> another, but if I were a member of the public I would be).
>
Buy two and keep another as a backup, then revoke the first when you lose
it. But losing credentials is a general problem with any authentication
system.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150811/2cae98da/attachment.html>
More information about the cryptography
mailing list