[154021] in North American Network Operators' Group


Re: How to fix authentication (was LinkedIn)

daemon@ATHENA.MIT.EDU (Alexander Harrowell)
Thu Jun 21 08:27:00 2012

From: Alexander Harrowell <a.harrowell@gmail.com>
To: nanog@nanog.org
Date: Thu, 21 Jun 2012 13:23:50 +0100
In-Reply-To: <CAEE+rGoshUGqni7ZOgFoaLSROk5DCUQwGFo9iu-AoyHSBnzDeQ@mail.gmail.com>
Cc: "Aaron C. de Bruyn" <aaron@heyaaron.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Thursday 21 Jun 2012 04:16:22 Aaron C. de Bruyn wrote:
> On Wed, Jun 20, 2012 at 4:26 PM, Jay Ashworth <jra@baylink.com> wrote:
> > ----- Original Message -----
> >> From: "Leo Bicknell" <bicknell@ufp.org>
> > Yes, but you're securing the account to the *client PC* there, not to
> > the human being; making that Portable Enough for people who use and
> > borrow multiple machines is nontrivial.
>
> Or a wizard in your browser/OS/whatever could prompt you to put in a
> 'special' USB key and write the identity data there, making it
> portable.  Or like my ssh keys, I have one on my home computer, one on
> my work computer, one on my USB drive, etc...  If I lose my USB key, I
> can revoke the SSH key and still have access from my home computer.
>
> And I'm sure someone would come up with the 'solution' where they
> store the keys for you, but only you have the passphrase...ala
> lastpass.
>
> -A


As far as apps go, loads of them use OAuth and have a browser step in
their setup.


So this adds precisely one step to the smartphone sync/activation
process - downloading the key pair from your PC (or if you don't have a
PC, generating one).


That covers vendor A and most vendor G devices. "What about the feature
phones?" - not an issue, no apps to speak of, noOp(). "What about
[person we want to be superior to who is always female for some
reason]?" - well, they all seem to have iPhones now, so *somebody's*
obviously handholding them through the activation procedure.


Obviously vendor A would be tempted to "sync this to iCloud"...but
anyway, I repeat the call for a W3C password manager API. SSH would be
better, but a lot of the intents, actions etc. are the same.
