|
|
|
|
|
|
by malandrew
4605 days ago
|
|
|
Exactly this. Take the github process for getting your public key for example. I as a user need to go to the github user settings (probably after getting a warning at the command line or wondering why the command line process is so disjointed) and find the tab for adding my public key. Once there, if I don't yet have a public key I need to generate one, which requires reading instructions on how to do so. Then I need to copy the .pub file (someone uninformed might not understand them fully yet and try to upload the private one by accident). This entire tango might be acceptable for you and I, but not for most people who are probably struggling on the first step and figuring out on their own what PGP is to begin with. At the end of the day, this is just a really convoluted way of doing exactly what ssh-id-copy(1) does[0]. Hardly something my mother could do. What we're suggesting is building the ssh-id-copy(1) process into the browser as a W3C spec, which would allow me to show up on a site and quickly and safely copy the public key of my choosing. It is precisely the lack of such integration with a distributed auth technology that has made centralized auth technologies like OAuth with Facebook and Twitter much more attractive than they should have even been. [0] http://linux.die.net/man/1/ssh-copy-id |
|
|