[cap-talk] Webkeys vs. the web

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Mon Mar 23 15:50:02 EDT 2009

Stiegler, Marc D wrote:
> But for today, we still need another mechanism for the rare remote access
> -- but since it is rare, so I would tolerate a tiny amount of hassle as
> long as it wasn't too weird.
> In this case, suppose we take a page from the "Forgot your password?" folks.
> Have a public memorable page into which you simply type your email address,
> and the system sends an appropriate webkey to that email.

I don't see why email (which must be assumed to be sent in the clear)
needs to be involved to solve the problem raised by Chip. Just have the
public memorable page be a username/password form, served and submitted
using https, that returns the user's root page. Then the user can
bookmark their root page if they want to.

To users, this will look exactly like a conventional login, even though
there is actually no login state. You may also want to give the option
to disable the password for users who are confident that they have some
reliable means to remember their root webkey.

David-Sarah Hopwood ⚥

More information about the cap-talk mailing list