On 2013/07/22 (Jul), at 6:36 AM, Matthew Toseland wrote: > Okay so the idea is: > 1. Marketing: the user has something they can keep and use for other things. > 2. Uniqueness/cost guaranteed by the manufacturer: We can use an online > service to establish that it's a genuine, unique yubikey, different to the > yubikey's that have announced before. Then we generate a bootstrapping cert.
Exactly, and there would be other tangible [or even legal] tradeoffs (non-profit freenet project would not be selling anything, but wouldn't be getting the money for development, but wouldn't be burdened with making yet another identity system). > If they take said service offline, no big deal, because we only use it once, > on creation. IMO, the company/service going away ranks pretty low in the implementation concerns. > Maybe this is a possibility. It's at least something unconventional to consider, and you never know... Ian might be able to use his charm to get a special deal for freenet onboarding [or something] as it might help cross-promote other yubi products to the security conscious (e.g. they also make hardware security modules and yubikeys with integrated smartcard crypto). > We'd need a bitcoin option as well though. When choosing a course, we might also need to consider how easy it would be for someone to acquire bitcoins, versus buying a yubikey, versus just clicking a paypal link. -- Robert Hailey