[Cryptography] SRP for mutual authentication - as an alternative / addition to certificates?

Jerry Leichter leichter at lrw.com
Wed Aug 5 13:09:55 EDT 2015


>> This is the core problem - if we could get users to only type their
>> passwords into the one true password box, then there are many viable
>> solutions to "the password problem". But all attempts to do this so far have
>> been dismal failures.
> 
> Out of curiosity, do you have more details about previous attempts?
Safari actually implements such a mechanism:  If the remote site asks for authentication in "the right way" - and, frankly, I have no idea what it is; some sites do manage to trigger the mechanism; most don't - a special box "unrolls" from the top chrome over the page.  I don't know if the effect can be duplicated in JavaScript; it would take some effort, I would think.  But since people don't expect this anyway ... there's little point.

                                                        -- Jerry


