As a way of working out my thinking on this, I've written a paper called "Improving Authentication On The Internet":
http://www.gerv.net/security/improving-authentication/
It starts with the basics, mostly as a way to confirm that my understanding of the current situation is correct. All comments, both correcting my facts and giving alternative views, are very welcome.
Currently, I'm circulating the URL to mozilla.org-specific groups. Later this week, I plan to invite wider comment.
Gerv _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security