[Cryptography] On the deployment of client-side certs

Tony Arcieri bascule at gmail.com
Tue Nov 15 17:38:49 EST 2016

On Tue, Nov 15, 2016 at 2:18 PM, Ray Dillinger <bear at sonic.net> wrote:

> > Is it really that hard to convince people to carry a U2F / OpenPGP token
> > with USB/NFC/BLE capabilities in their keychain? It shouldn't be.
> This is actually a quite good idea.  The mental model of a keyed
> lock, with a physical key, works reasonably well for at least some
> plausible implementations of client-side authentication.

I've been a big fan of FIDO for the past two years and I've really wanted
to support U2F tokens specifically for the real-world analogy to keys, but
I don't think it's really practical for everyone to buy a U2F token. I
would love to see everyone using hardware tokens this way, but I just don't
see it happening.

That said, another FIDO standard, UAF, should enable smartphones to work as
cryptographic authentication tokens. I think this approach is much more

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161115/9f3ee0a3/attachment.html>

More information about the cryptography mailing list