I would like to propose an enhancement to the Apache web server for secure authentication.
If this is the wrong list, please reply with the correct list and I will post it there.

SSH allows a user to create a public/private key pair and use that for authentication. This is much more secure than simply using passwords and adds the ability to add 'something you have' for multi-factor authentication. I propose that the same functionality would be enabled for web authentication.

This functionality would require support on the server and in the client browser. The server would need to have the ability to store and recognize public keys for authentication. The client browser would need to have the ability to create public/private keys and store them securely. It would also need to have the ability to copy the keys to other computers (home/work) or store them on a USB thumb drive for remote access.

This functionality would be used primarily for web sites that require secure authentication, such as banks, eBay, and PayPal.

Do you think this is a good idea?
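
The exchange the proposal describes (server stores a public key, client proves possession of the private key), sketched as an added example that is not part of the original post and is not Apache code. The names `AuthServer`, `enroll`, `challenge`, `clientSign` and the `realm` binding are assumptions made for illustration; Ed25519 via Node's built-in crypto module stands in for whatever key type a real design would choose.

```javascript
// Added illustration: SSH-style public-key login as a challenge-response exchange.
const nodeCrypto = require('node:crypto');

class AuthServer {                       // hypothetical server-side component
  constructor(realm) {
    this.realm = realm;                  // assumption: site identifier mixed into each challenge
    this.authorizedKeys = new Map();     // user -> public key PEM (like authorized_keys)
    this.pending = new Map();            // user -> outstanding one-time challenge
  }
  enroll(user, publicKeyPem) { this.authorizedKeys.set(user, publicKeyPem); }
  challenge(user) {
    // A fresh random nonce per attempt means a captured signature cannot be reused.
    const msg = Buffer.concat([
      Buffer.from(`${this.realm}\n${user}\n`), nodeCrypto.randomBytes(32)]);
    this.pending.set(user, msg);
    return msg;
  }
  verify(user, signature) {
    const msg = this.pending.get(user);
    this.pending.delete(user);           // single use, whether it passes or fails
    const pem = this.authorizedKeys.get(user);
    if (!msg || !pem) return false;      // no challenge issued, or unknown user
    return nodeCrypto.verify(null, msg, nodeCrypto.createPublicKey(pem), signature);
  }
}

// Client side: the private key stays with the client; only signatures are sent.
function clientKeyPair() { return nodeCrypto.generateKeyPairSync('ed25519'); }
function clientSign(privateKey, challenge) {
  return nodeCrypto.sign(null, challenge, privateKey);
}

// Constructed scenario: one enrolled user, one key the server has never seen.
function demo() {
  const server = new AuthServer('https://bank.example');
  const alice = clientKeyPair();
  const unknown = clientKeyPair();
  server.enroll('alice', alice.publicKey.export({ type: 'spki', format: 'pem' }));

  const sig = clientSign(alice.privateKey, server.challenge('alice'));
  const ok = server.verify('alice', sig);        // correct key, fresh challenge
  const replay = server.verify('alice', sig);    // challenge already consumed
  server.challenge('alice');
  const stale = server.verify('alice', sig);     // old signature, new challenge
  const c3 = server.challenge('alice');
  const wrongKey = server.verify('alice', clientSign(unknown.privateKey, c3));
  return { ok, replay, stale, wrongKey };
}
```

The server never holds a secret that can log in as the user: it stores only public keys, and each challenge is consumed on first use.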