[153470] in North American Network Operators' Group


Re: LinkedIn password database compromised

daemon@ATHENA.MIT.EDU (James Snow)
Thu Jun 7 09:24:02 2012

Date: Thu, 7 Jun 2012 06:22:40 -0700
From: James Snow <snow@teardrop.org>
To: "Aaron C. de Bruyn" <aaron@heyaaron.com>
In-Reply-To: <CAEE+rGq3bmL=aTW0ZQpybsircnNbLzVpvuAm5diLcoa2yFfWYg@mail.gmail.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, Jun 06, 2012 at 11:14:58PM -0700, Aaron C. de Bruyn wrote:
> 
> Imagine signing up for a site by putting in your email and pasting
> your public key.

Yes! Yes! Yes!

I've been making this exact argument for about a year. It even retains
the same "email a link" reset mechanism when someone needs to reset
their key.

A common counter-argument is, "But ordinary Internet users won't
understand SSH keys." They don't need to! The idea is easily explained
via a lock-and-key metaphor that people already understand. The UI for
walking users through key creation is easily imagined.


-Snow


