by spokey 5658 days ago
> If you only give someone a public key, how can they authenticate you based on that? You must be giving them some piece of private data, or else anyone could authenticate as you.

That's not quite the way it works. There is no shared secret required. With my public key you can create an authentication challenge that allows you to validate my identity without ever seeing my private key (or, for that matter, you can send me a message that only I can read).

1 comments
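The challenge-response flow described in the comment above, as an added example that is not part of the original thread: the verifier holds only a public key, issues a random nonce, and accepts a signature over that nonce exactly once. The choice of Ed25519, the `domain` label, and the names `Verifier`, `Respond` and `Demo` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

const domain = "example-login-v1:" // constructed label; ties signatures to this protocol

type Verifier struct {
	pub     ed25519.PublicKey // server side stores only this, no secret
	pending map[string]bool   // challenges issued but not yet answered
}

// Challenge returns a fresh random nonce for the client to sign.
func (v *Verifier) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	v.pending[string(nonce)] = true
	return nonce
}

// Check accepts each challenge once, with a signature valid under the public key.
func (v *Verifier) Check(nonce, sig []byte) bool {
	fresh := v.pending[string(nonce)]
	delete(v.pending, string(nonce)) // spent even on failure, so no replay
	return fresh && ed25519.Verify(v.pub, append([]byte(domain), nonce...), sig)
}

// Respond is the client side, the only code that touches the private key.
func Respond(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(domain), nonce...))
}

// Demo runs one login, a replay of it, and an attempt with a different key.
func Demo() (ok, replay, wrongKey bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, other, _ := ed25519.GenerateKey(rand.Reader)
	v := &Verifier{pub: pub, pending: map[string]bool{}}
	n := v.Challenge()
	sig := Respond(priv, n)
	ok, replay = v.Check(n, sig), v.Check(n, sig)
	n2 := v.Challenge()
	return ok, replay, v.Check(n2, Respond(other, n2))
}

func main() { fmt.Println(Demo()) }
```

Nothing the verifier stores or sees on the wire (public key, nonce, signature) is enough to answer a later challenge.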

Yeah, I figured out what he was getting at a moment after posting, so I edited my post with my core objection, which is just that there's really no benefit I can see to doing that instead of using memorizable passwords.