In message <4fd0ae52.20...@alter3d.ca>, Peter Kristolaitis writes:
> On 6/7/2012 9:22 AM, James Snow wrote:
> > On Wed, Jun 06, 2012 at 11:14:58PM -0700, Aaron C. de Bruyn wrote:
> >> Imagine signing up for a site by putting in your email and pasting
> >> your public key.
> > Yes! Yes! Yes!
> >
> > I've been making this exact argument for about a year. It even retains
> > the same "email a link" reset mechanism when someone needs to reset
> > their key.
> >
> > A common counter-argument is, "But ordinary Internet users won't
> > understand SSH keys." They don't need to! The idea is easily explained
> > via a lock-and-key metaphor that people already understand. The UI for
> > walking users through key creation is easily imagined.
> >
> >
> > -Snow
>
> Oh yeah, I can just imagine that "lock and key" conversation now...
>
> "Imagine if the website has a lock on it, and you tell them what key you
> want to use by giving them a copy."
> "But if they have a copy of my key, couldn't they use it to open all of
> the other locks I've set up to use it?"
> "(explain public key crypto)"
> "(drool, distraction by the latest Facebook feature)"

No. The correct metaphor is I have a key and a bunch of locks keyed
to that lock. I give them a lock to install which only the key I
have can open.

> The other problem with this approach is that, as bad as trusting remote
> sites to do security properly is, I'm not sure that putting a "one key
> to rule them all" on users' machines is that much better, given the
> average user's penchant for installing malware on their machine because
> "FunnyMonkeyScreensaver.exe" sounded like such a good idea at the
> time... I suspect we'd see a huge wave of malware whose sole purpose
> is to steal public keys (and you KNOW users won't password-protect their
> private keys!).

Actually it is a big win. You now have to compromise millions of
machines to get millions of keys rather than a couple of machines
to get millions of passwords.

> Plus, now you have the problem of users not being able
> to login to their favourite websites when they're using a friend's
> computer, internet cafe, etc, unless they've remembered to bring a copy
> of their private key with them.

That is a real issue.

> I think public key auth for websites is a great idea for geeks who
> understand the benefits, limitations and security concerns, but I have
> serious doubts that it would hold up when subjected to the "idiot test".
>
> - Pete

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org