On 19/04/18 19:14, Saku Ytti wrote:
> Anyone up for some IETF fun? I think this PW problem can be mostly
> solved by a standard API. I imagine that you have some credentials
> wallet which supports the API, browser which supports the API and HTTP
> server which supports the API. You have some way to locally lock down
> and open the wallet, which is out-of-scope for the standard.
> Now when you register to new site, your browser asks site about
> authentication policy (what information is needed, what that
> information can look like) it then asks wallet to provide such
> information for set of hosts or URLs, and then browser offers this
> information to the server.

There are various proposals for that in web-land, some of which are sane-ish (the exact rant is off-topic enough I'll skip it), some of them also practical for non-interactive and non-web uses.

What is on-topic is there are some folk looking at standardising TACACS as it's actually implemented, and then potentially an enhancement. I'd *REALLY* love if client key negotiation of some form was in the standard, so I could simply ssh to any router with key auth without needing to statically configure keys on each router.

Draft: https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-10

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp