[Cryptography] YubiKeys / FIDO / U2F ??
Tony Arcieri
bascule at gmail.com
Tue Nov 3 19:55:45 EST 2015
On Tue, Nov 3, 2015 at 4:11 PM, Bill Cox <waywardgeek at gmail.com> wrote:
>> While SOP is well designed, captures all we’ve learned, has a lot of very
>> nice properties (and we may get forced into it regardless - given the
>> eagerness by which other things are forcefully retired from the specs) — one
>> may want to review it in the light of the open web principles.
>>
>
> Dumb question: what's SOP stand for?
>
Same-origin policy.
> In a better world, IMO, we would register our devices semi-anonymously
> with web sites, and passwords/pins/fingerprints would only be used to
> authenticate you to your devices. In such a world, there would be less
> need for a third party to provide authentication services. I resisted
> using "Login with Facebook" and such in the past, but it seems hackers are
> gaining ground, and I am close to giving in. By moving to device based
> authentication, which FIDO and some other techniques support, we can keep
> the web safe enough for smaller sites to continue managing their own user
> authentication.
>
That's the dream of FIDO UAF
--
Tony Arcieri