ANNOUNCE: Review requests
Matthew Miller
mattdm at mattdm.org
Sat Mar 19 03:10:57 UTC 2005
On Sat, Mar 19, 2005 at 12:35:43AM +0100, Enrico Scholz wrote:
> 2. use different logindata. This will be much data which nobody can
> recall after some time. So, you have to use keymanagers or go through
> a remember-password procedure on every login. I do not trust complex
> systems like webbrowsers and think that this should be used for less
> sensitive passwords only.
[...]
> So I think, that GPG based authentication is much more secure than the
> HTTP authentication.
You chose to snip a paragraph from my earlier message which I think is quite
relevant here, so I'm gonna repeat it:
I'm not opposed to some sort of GPG signature-based process, but it needs
to be integrated enough with the tools people will be using (webbrowsers,
most likely) to make it not a burden.
We need a system that is workable for developers to use. It needs to be
secure, but it also needs to *aid* the process, not interfere with it.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-extras-list
mailing list