Guido Witmond wrote (in reference to eccentric authentication):

Another (not a killer)-feature (for users) is that they are in control
of the account. When they delete the private key, their account is
closed. No one else can come later and claim the account. Unless they
copied the private key beforehand.


Some reality check may turn this from a feature into a serious flaw: it's account continuity that matters to server-vendors and client-customers as well.

Server: a very good customer account vanishes suddenly and pops up as a new account (which one?) among the 200 or so that made a first transaction during the next week. Even the vanishing event cannot be detected!

Client: I relied on the server to keep track of past purchase details, and for a crypto-&?%# reason (do I care?) I lost them. Even worse, I can't create a new account with my real name (it says it's already enrolled while in fact it no longer works).

Solving this issue in your experiment is going to re-introduce much of the PKI complexity.

Sorry for asking tough questions, but maybe they would pop up sooner or later if this experiment goes forward.


--
- Thierry Moreau

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
