
Is there any chance to go even further than this? I'm imagining a public key based authentication scheme.

The user submits their public key to the server first, then in future logins, the server will generate a challenge for the client to decrypt and respond to.

Of course the browser can apply some UX magic at the client end, for example displaying a pop-up window to allow the user to select a public key for the authentication process, etc.
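
Added example, not part of the thread: a minimal Node.js sketch of the challenge-response login the comment above describes, with the server encrypting a random nonce to the registered public key and accepting the login only if the client returns it. The function names, in-memory stores, RSA-OAEP choice and 60-second lifetime are all assumptions made for illustration.

```javascript
// Added example: names, in-memory stores and the 60 s lifetime are assumptions.
const crypto = require('node:crypto');

const registeredKeys = new Map(); // username -> PEM public key (sent at sign-up)
const pending = new Map();        // challengeId -> { user, nonce, expires }
const CHALLENGE_TTL_MS = 60_000;

// Server: remember the public key the user submitted.
function register(user, publicKeyPem) {
  registeredKeys.set(user, publicKeyPem);
}

// Server: encrypt a fresh random nonce to the user's key (RSA-OAEP, SHA-256).
function issueChallenge(user, now = Date.now()) {
  const key = registeredKeys.get(user);
  if (!key) throw new Error('unknown user');
  const nonce = crypto.randomBytes(32);
  const id = crypto.randomUUID();
  pending.set(id, { user, nonce, expires: now + CHALLENGE_TTL_MS });
  const ciphertext = crypto.publicEncrypt({ key, oaepHash: 'sha256' }, nonce);
  return { id, ciphertext };
}

// Client: only the holder of the private key can recover the nonce.
function answerChallenge(privateKeyPem, ciphertext) {
  return crypto.privateDecrypt({ key: privateKeyPem, oaepHash: 'sha256' }, ciphertext);
}

// Server: a challenge is single-use, expires, and is compared in constant time.
function verifyResponse(id, response, now = Date.now()) {
  const entry = pending.get(id);
  pending.delete(id); // consume first so a replayed answer always fails
  if (!entry || now > entry.expires) return null;
  if (response.length !== entry.nonce.length) return null;
  return crypto.timingSafeEqual(response, entry.nonce) ? entry.user : null;
}

// Constructed key pairs for the demo; a real client would keep its own.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}
```

TLS client certificates prove key possession with a signature over handshake data rather than by decryption; the decrypt form is used here only because it is the one the comment describes.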




Sounds like client certificates. I guess you have never used those. All major browsers support them.

In Firefox you can find them here: Settings -> Privacy & Security -> View Certificates -> Your Certificates


Yes, but the advantage is that the user sends their own public keys and they can switch them freely (and preferably easily: the user clicks "login", a window pops up, the user selects a public key, done) at will. Client certificates, on the other hand, are currently managed fully by the browser, and you need to adjust your HTTPS infrastructure in order to enable the feature.


Isn't that basically client certificates?



