[cap-talk] Webkeys vs. the web

Stiegler, Marc D marc.d.stiegler at hp.com
Mon Mar 23 16:22:32 EDT 2009

I am presuming that the service would be using the "forgot your password" protocol anyway for people who forget their password. In which case, there is no increase in vulnerability: an attacker who has the prerequisite MITM authority can always simply run this attack against you anyway, just by clicking the "forgot my password" button for you :-)

The advantage of my proposal is that we are not adding yet another password to the burden. I consider yet another password more of a burden than the wait for the email, especially in the situation where I am rarely using a machine that does not have the direct bookmark (which means I have surely forgotten the password anyway, because it has been such a long time since I needed it; why not just cut straight to the chase?). Of course, YMMV.

But none of this addresses Chip's real concern, which is a different problem.


> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org 
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of 
> David-Sarah Hopwood
> Sent: Monday, March 23, 2009 12:50 PM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Webkeys vs. the web
> Stiegler, Marc D wrote:
> > But for today, we still need another mechanism for the rare remote
> > access -- but since it is rare, I would tolerate a tiny amount of hassle
> > as long as it wasn't too weird.
> >
> > In this case, suppose we take a page from the "Forgot your password?"
> > folks. Have a public memorable page into which you simply type your
> > email address, and the system sends an appropriate webkey to that email.
>
> I don't see why email (which must be assumed to be sent in the clear)
> needs to be involved to solve the problem raised by Chip. Just have the
> public memorable page be a username/password form, served and submitted
> using https, that returns the user's root page. Then the user can bookmark
> their root page if they want to.
>
> To users, this will look exactly like a conventional login, even though
> there is actually no login state. You may also want to give the option to
> disable the password for users who are confident that they have some
> reliable means to remember their root webkey.
>
> --
> David-Sarah Hopwood ⚥
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
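The two recovery designs argued over in this exchange, as an added example that is not part of the thread or of any project mentioned in it: a public memorable page that mails a recovery link to the address on file, beside an https username/password form that returns the root webkey directly. It assumes an in-memory store and an outbox list standing in for the database and SMTP transport, the host example.invalid, and a 15-minute link lifetime; the mailed link is made a short-lived, single-use capability rather than the root webkey itself, which is one reading of "an appropriate webkey".

```python
import hashlib, hmac, secrets, time

class WebkeyService:
    BASE = "https://example.invalid"          # assumed host
    RECOVERY_TTL = 900                        # assumed lifetime of a mailed link, seconds

    def __init__(self):
        self.root_keys = {}    # email -> root webkey URL (unguessable path)
        self.passwords = {}    # email -> (salt, pbkdf2 digest)
        self.recovery = {}     # recovery token -> (email, expiry)
        self.outbox = []       # stands in for the SMTP transport: (to, body)

    def register(self, email):
        # The root webkey is the only authority; 256 random bits make it unguessable.
        self.root_keys[email] = f"{self.BASE}/r/{secrets.token_urlsafe(32)}"
        return self.root_keys[email]

    # Option 1 (Marc): the public memorable page mails a webkey to the address on file.
    def request_recovery(self, email):
        if email in self.root_keys:
            token = secrets.token_urlsafe(32)
            self.recovery[token] = (email, time.time() + self.RECOVERY_TTL)
            self.outbox.append((email, f"{self.BASE}/recover/{token}"))
        # Same reply either way, so the page does not confirm which addresses exist.
        return "If that address is registered, a link has been sent."

    def redeem(self, token, now=None):
        # What gets mailed is a short-lived, single-use capability, not the root
        # webkey itself, so a reader of the clear-text mail only gets a narrow window.
        now = time.time() if now is None else now
        entry = self.recovery.pop(token, None)   # pop: a link can be used only once
        if entry is None or now > entry[1]:
            return None
        return self.root_keys[entry[0]]

    # Option 2 (David-Sarah): an https username/password form that returns the root page.
    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.passwords[email] = (salt, self._digest(password, salt))

    def login(self, email, password):
        rec = self.passwords.get(email)
        if rec is None or not hmac.compare_digest(self._digest(password, rec[0]), rec[1]):
            return None
        return self.root_keys[email]   # no session state is created; the URL is the authority

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
```

Either path ends at the same root webkey, so the user can bookmark it and never touch the public page again, which is the "no login state" property David-Sarah describes.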
