Re: Problems with most web app auth schemes
From: Tim <tim-security(at)sentinelchicken.org>
Date: Sun Jul 27 2003 - 12:59:18 EDT

> The problem with the public key cryptography system is that it is

False. In no way is it required for you to buy a public key. If a web app wants to be reasonably confident in the association between a given public key and a user, then have that user provide a public key at sign-up time. Users can create public keys locally, self-signed, and never worry about having any 3rd party sign it. If you are worried about the initial key exchange being attacked, well then use one of the many types of public key server systems to exchange initial keys. Yes, distributed key management systems are harder to maintain, but they provide a means to verify keys with little cost to both end users and service providers.

> personal keys came with a computer system, then I believe it would catch

You would propose that computer manufacturers have full access to your private keys?

> things work without paying the money, why should the client pay the money.

Once again, you have been confused by the eCommerce monopoly that exists wrt site certificates. It doesn't have to work this way. Look at PGP. You say PGP is commercial? Use GPG, and one of the free* key servers out there. I am not saying all of the tools to implement such systems are out there, but it is something that I agree people should start looking at.

tim
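The scheme Tim sketches (user generates a key pair locally, registers only the public key at sign-up, no CA involved) can be completed with a challenge-response login. The following Go program is an added example written for this archive page; it is not code from the post, from PGP/GPG, or from any key server. It assumes Ed25519 from Go's standard library (the post names no algorithm), an in-memory user table standing in for the web app's database, and a constructed origin label "example.test" that is mixed into the signed message so a signature for one site cannot be relayed to another.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// origin is a constructed label for this example's web app; binding it into
// the signed message stops a challenge from one site being relayed to another.
const origin = "example.test"

// loginMessage is the exact byte string both sides sign/verify for a nonce.
func loginMessage(nonce []byte) []byte {
	return append([]byte("login:"+origin+":"), nonce...)
}

// Server holds the public key each user presented at sign-up (assumed
// in-memory store) and at most one outstanding challenge per user.
type Server struct {
	users      map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewServer() *Server {
	return &Server{
		users:      make(map[string]ed25519.PublicKey),
		challenges: make(map[string][]byte),
	}
}

// Register binds a user name to the self-generated key they present.
// The only trust assumption is the sign-up exchange itself, as in the post.
func (s *Server) Register(user string, pub ed25519.PublicKey) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed public key")
	}
	if _, exists := s.users[user]; exists {
		return errors.New("user already registered")
	}
	s.users[user] = pub
	return nil
}

// Challenge issues a fresh 32-byte random nonce for the user to sign.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.challenges[user] = nonce
	return nonce, nil
}

// Verify checks the signature over the outstanding nonce and consumes it,
// so a signature captured on the wire cannot be replayed later.
func (s *Server) Verify(user string, sig []byte) bool {
	pub, known := s.users[user]
	nonce, pending := s.challenges[user]
	if !known || !pending {
		return false
	}
	delete(s.challenges, user) // single use, whatever the outcome
	return ed25519.Verify(pub, loginMessage(nonce), sig)
}

// Client generates its key pair locally; the private key never leaves it.
type Client struct {
	priv ed25519.PrivateKey
}

func NewClient() (*Client, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Client{priv: priv}, nil
}

func (c *Client) PublicKey() ed25519.PublicKey {
	return c.priv.Public().(ed25519.PublicKey)
}

func (c *Client) Sign(nonce []byte) []byte {
	return ed25519.Sign(c.priv, loginMessage(nonce))
}

// Login runs the full exchange and reports whether the server accepted it.
func Login(s *Server, c *Client, user string) (bool, error) {
	nonce, err := s.Challenge(user)
	if err != nil {
		return false, err
	}
	return s.Verify(user, c.Sign(nonce)), nil
}

func main() {
	s := NewServer()
	alice, _ := NewClient()
	_ = s.Register("alice", alice.PublicKey())
	ok, _ := Login(s, alice, "alice")
	fmt.Println("alice with her own key:", ok)
	other, _ := NewClient()
	ok, _ = Login(s, other, "alice")
	fmt.Println("alice's name with a different key:", ok)
}
```

The server never sees a password and stores nothing that lets it impersonate the user; the two things a deployment must still get right are that each nonce is random and single-use, and that the sign-up channel itself is protected (the "initial key exchange" Tim refers to), since whatever key is registered there is what every later login trusts.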
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:54 EDT