[Cryptography] On the deployment of client-side certs

Ron Garret ron at flownet.com
Tue Nov 15 21:39:58 EST 2016

On Nov 15, 2016, at 2:38 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Tue, Nov 15, 2016 at 2:18 PM, Ray Dillinger <bear at sonic.net> wrote:
> > Is it really that hard to convince people to carry a U2F / OpenPGP token
> > with USB/NFC/BLE capabilities in their keychain? It shouldn't be.
> This is actually a quite good idea.  The mental model of a keyed
> lock, with a physical key, works reasonably well for at least some
> plausible implementations of client-side authentication.
> I've been a big fan of FIDO for the past two years and I've really wanted to support U2F tokens specifically for the real-world analogy to keys, but I don't think it's really practical for everyone to buy a U2F token. I would love to see everyone using hardware tokens this way, but I just don't see it happening.

Why not?  They are not very expensive.  You can get one on Amazon for $10.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161115/fb7fa65d/attachment.html>

More information about the cryptography mailing list