[cap-talk] Webkeys vs. the web

Stiegler, Marc D marc.d.stiegler at hp.com
Mon Mar 23 14:55:21 EDT 2009


 Oh, it's a huge terrible issue. I just don't have a clue what to do except go through a long stage where there is both good and bad security co-existing, and if we can make the good security actually easier to use (as webkeys are most of the time, just click and go), it can eventually win.

Another alternative is to wait for technology to improve. Eventually, everyone will carry their highly-network-integrated cell phone all the time, and it could conveniently and automatically carry your webkeys. But not in the next year.

--marcs

> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org 
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Raoul Duke
> Sent: Monday, March 23, 2009 11:41 AM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Webkeys vs. the web
> 
> > You can always use the "Remember me on this computer (don't 
> use for a public computer)" check box to let the user decide.
> 
> it worries me a little that whatever security advantages 
> there are from implementing some capability system can be 
> undermined by using lamer security systems as well e.g. the 
> user has to log in to their machine + then is automatically 
> remembered; maybe their login password is really lame.
> 
> while i don't really think the cap implementation has to 
> solve the problem of bad user login passwords, i wonder what 
> people's thoughts / opinions are on this 'issue' -- is it 
> seen as a total non-issue?
> 
> thanks.
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
> 


More information about the cap-talk mailing list