In message <4FD0AE52.20602@alter3d.ca>, Peter Kristolaitis writes:
On 6/7/2012 9:22 AM, James Snow wrote:
On Wed, Jun 06, 2012 at 11:14:58PM -0700, Aaron C. de Bruyn wrote:
Imagine signing up for a site by putting in your email and pasting your public key.
Yes! Yes! Yes!
I've been making this exact argument for about a year. It even retains the same "email a link" reset mechanism when someone needs to reset their key.
A common counter-argument is, "But ordinary Internet users won't understand SSH keys." They don't need to! The idea is easily explained via a lock-and-key metaphor that people already understand. The UI for walking users through key creation is easily imagined.
-Snow
Oh yeah, I can just imagine that "lock and key" conversation now...
"Imagine if the website has a lock on it, and you tell them what key you want to use by giving them a copy."
"But if they have a copy of my key, couldn't they use it to open all of the other locks I've set up to use it?"
"(explain public key crypto)"
"(drool, distraction by the latest Facebook feature)"
No. The correct metaphor is I have a key and a bunch of locks keyed to that lock. I give them a lock to install which only the key I have can open.
The other problem with this approach is that, as bad as trusting remote sites to do security properly is, I'm not sure that putting a "one key to rule them all" on users' machines is that much better, given the average user's penchant for installing malware on their machine because "FunnyMonkeyScreensaver.exe" sounded like such a good idea at the time... I suspect we'd see a huge wave of malware whose sole purpose is to steal public keys (and you KNOW users won't password-protect their private keys!).
Actually it is a big win. You now have to compromise millions of machines to get millions of keys rather than a couple of machines to get millions of passwords.
Plus, now you have the problem of users not being able to login to their favourite websites when they're using a friend's computer, internet cafe, etc, unless they've remembered to bring a copy of their private key with them.
That is a real issue.
I think public key auth for websites is a great idea for geeks who understand the benefits, limitations and security concerns, but I have serious doubts that it would hold up when subjected to the "idiot test".
- Pete
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org