On 2013-01-17 11:38 AM, James A. Donald wrote:
The end game is passwords with srp. Even if you are using client side certificates, you have to be able to get your PC client side certificates onto your smartphone, which requires that you sign on to your PC using a password.
To clarify: I think everyone and everything should be identified by their public key, but the corresponding non human memorable secret key has to be stored somewhere, and I propose that you sign on to that somewhere using a password and srp.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
