[cap-talk] Webkeys vs. the web
Stiegler, Marc D
marc.d.stiegler at hp.com
Mon Mar 23 16:22:32 EDT 2009
I am presuming that the service would be using the "forgot your password" protocol anyway for people who forget their password. In which case, there is no increase in vulnerability: an attacker who has the prerequisite MITM authority can always simply run this attack against you anyway, just by clicking the "forgot my password" button for you :-)
The advantage of my proposal is that we are not adding yet another password to the burden. I consider yet another password more of a burden than the wait for the email, especially in the situation where I am rarely using a machine that does not have the direct bookmark (which means I have surely forgotten the password anyway, because it has been such a long time since I needed it; why not just cut straight to the chase?). Of course, YMMV.
But none of this addresses Chip's real concern, which is a different problem.
> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of
> David-Sarah Hopwood
> Sent: Monday, March 23, 2009 12:50 PM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Webkeys vs. the web
> Stiegler, Marc D wrote:
> > But for today, we still need another mechanism for the rare remote
> > access -- but since it is rare, I would tolerate a tiny amount of
> > hassle as long as it wasn't too weird.
> > In this case, suppose we take a page from the "Forgot your
> > password?" folks.
> > Have a public memorable page into which you simply type your email
> > address, and the system sends an appropriate webkey to that email.
> I don't see why email (which must be assumed to be sent in
> the clear) needs to be involved to solve the problem raised
> by Chip. Just have the public memorable page be a
> username/password form, served and submitted using https,
> that returns the user's root page. Then the user can bookmark
> their root page if they want to.
> To users, this will look exactly like a conventional login,
> even though there is actually no login state. You may also
> want to give the option to disable the password for users who
> are confident that they have some reliable means to remember
> their root webkey.
> David-Sarah Hopwood ⚥
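The two recovery paths argued over in this exchange, as an added example that is not code from the thread or from any webkey implementation. It models a webkey as an unguessable URL suffix whose possession is the only access check; Stiegler's path mails the root webkey to a registered address (so the secret rides in the mail body in the clear), and Hopwood's path is a username/password form that simply returns the root webkey without creating any session state, with the option to disable the password. The class and method names, the placeholder host, and the in-memory "outbox" standing in for SMTP are all assumptions made for this example.

```python
import hashlib
import hmac
import os
import secrets

# Assumption: placeholder host for the example; a real service would use its own.
BASE_URL = "https://example.invalid/"


def new_webkey():
    """An unguessable URL suffix: 32 random bytes, URL-safe base64."""
    return secrets.token_urlsafe(32)


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


class WebkeyService:
    """Constructed in-memory service; not any real webkey server."""

    RECOVERY_REPLY = "If that address is registered, mail is on its way."

    def __init__(self):
        self.accounts = {}    # email -> {"root": webkey, "salt": ..., "hash": ... or None}
        self.resources = {}   # webkey -> the thing it designates (here, a root page string)
        self.outbox = []      # messages the service "sends"; stands in for SMTP

    def register(self, email, password=None):
        """Create a root page, return its webkey URL. Password is optional."""
        root = new_webkey()
        self.resources[root] = "root page of " + email
        entry = {"root": root, "salt": None, "hash": None}
        if password is not None:
            entry["salt"], entry["hash"] = hash_password(password)
        self.accounts[email] = entry
        return BASE_URL + root

    def fetch(self, webkey):
        """Dereference a webkey. Possession of the string is the only check."""
        return self.resources.get(webkey)

    # Path 1 (Stiegler): a public page takes an email address and the root
    # webkey is mailed to it. Whoever can read that mail holds the webkey.
    def recover_by_email(self, email):
        entry = self.accounts.get(email)
        if entry is not None:
            self.outbox.append({
                "to": email,
                "body": "Your root page: " + BASE_URL + entry["root"],
            })
        # Same reply whether or not the address is registered, so the public
        # page does not disclose which emails exist.
        return self.RECOVERY_REPLY

    # Path 2 (Hopwood): an https username/password form that returns the root
    # webkey. No session is created; the form is just a second way to name it.
    def login(self, email, password):
        entry = self.accounts.get(email)
        if entry is None or entry["hash"] is None:
            return None    # unknown user, or password disabled: only the webkey works
        _, candidate = hash_password(password, entry["salt"])
        if not hmac.compare_digest(candidate, entry["hash"]):
            return None
        return BASE_URL + entry["root"]

    def disable_password(self, email):
        """For users confident they can keep hold of the webkey itself."""
        entry = self.accounts[email]
        entry["salt"] = entry["hash"] = None


if __name__ == "__main__":
    svc = WebkeyService()
    url = svc.register("alice@example.invalid", "correct horse")
    print("login returns:", svc.login("alice@example.invalid", "correct horse") == url)
    svc.recover_by_email("alice@example.invalid")
    print("mail body carries the webkey:", svc.outbox[-1]["body"].endswith(url))
```

Note what the example makes visible: `fetch` never consults `accounts`, so both recovery paths only ever hand back the same string that the bookmark already contains, and after `disable_password` the password form is inert while the bookmarked webkey keeps working.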