matt... you're close... the complete solution has to encompass a number of different elements. the original goal was to try to get rid of passwords, and allow the user to 'know' that the site that they're heading to/using is the site they actually want to be on. i'm pretty satisfied with the approach that i'm looking at right now... over time, it solves the issue of 'being on the right site', it solves the issue of having to handle different passwords.. it gets rid of traditional passwords.. it can be used for basic age verification, it also can be used to match a transaction with a given machine via hash/fingerprinting of the user machine... it deals with lost user/key information... dayum, i'm tired... thanks -bruce -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Matthew Miller Sent: Monday, June 06, 2005 9:55 AM To: For users of Fedora Core releases Subject: Re: how can you verify that the site you get is not a fake? On Mon, Jun 06, 2005 at 05:15:25PM +0100, Andy Green wrote: > Here's an idea... you expect the site to challenge YOU for your password > before giving you access, right? Well keep that, but register a second > password with the site when you join it, and the site has to show it to > you over https before you will believe it is the site that you > originally joined ;-) or maybe an image you upload. -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> Current office temperature: 80 degrees Fahrenheit. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
