[Cryptography] On the deployment of client-side certs
Ron Garret
ron at flownet.com
Tue Nov 15 21:39:58 EST 2016
On Nov 15, 2016, at 2:38 PM, Tony Arcieri <bascule at gmail.com> wrote:
> On Tue, Nov 15, 2016 at 2:18 PM, Ray Dillinger <bear at sonic.net> wrote:
> > Is it really that hard to convince people to carry a U2F / OpenPGP token
> > with USB/NFC/BLE capabilities in their keychain? It shouldn't be.
>
> This is actually a quite good idea. The mental model of a keyed
> lock, with a physical key, works reasonably well for at least some
> plausible implementations of client-side authentication.
>
> I've been a big fan of FIDO for the past two years and I've really wanted to support U2F tokens specifically for the real-world analogy to keys, but I don't think it's really practical for everyone to buy a U2F token. I would love to see everyone using hardware tokens this way, but I just don't see it happening.
Why not? They are not very expensive. You can get one on Amazon for $10.
rg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161115/fb7fa65d/attachment.html>
More information about the cryptography
mailing list