On 6/7/2012 9:22 AM, James Snow wrote:
On Wed, Jun 06, 2012 at 11:14:58PM -0700, Aaron C. de Bruyn wrote:
Imaging signing up for a site by putting in your email and pasting your public key. Yes! Yes! Yes!
I've been making this exact argument for about a year. It even retains the same "email a link" reset mechanism when someone needs to reset their key.
A common counter-argument is, "But ordinary Internet users won't understand SSH keys." They don't need to! The idea is easily explained via a lock-and-key metaphor that people already understand. The UI for walking users through key creation is easily imagined.
-Snow
Oh yeah, I can just imagine that "lock and key" conversation now... "Imagine if the website has a lock on it, and you tell them what key you want to use by giving them a copy." "But if they have a copy of my key, couldn't they use it to open all of the other locks I've set up to use it?" "(explain public key crypto)" "(drool, distraction by the latest Facebook feature)" The other problem with this approach is that, as bad as trusting remote sites to do security properly is, I'm not sure that putting a "one key to rule them all" on users' machines is that much better, given the average user's penchant for installing malware on their machine because "FunnyMonkeyScreensaver.exe" sounded like such a good idea at the time... I suspect we'd see a huge wave of malware whose sole purpose is to steal public keys (and you KNOW users won't password-protect their private keys!). Plus, now you have the problem of users not being able to login to their favourite websites when they're using a friend's computer, internet cafe, etc, unless they've remembered to bring a copy of their private key with them. I think public key auth for websites is a great idea for geeks who understand the benefits, limitations and security concerns, but I have serious doubts that it would hold up when subjected to the "idiot test". - Pete