[teraflop]

But the protocol doesn't do mutual authentication, so without using HTTPS, you have no way of ensuring that you're contacting the correct server. So during the authentication process, the attacker can control your view of the site and get you to sign whatever login requests they want.

[Buge]

Yeah I think you're right.

And if all authentication is done client-side with javascript, the attacker could steal your private key and use it to attack other sites.

[alexro]

You can still use SSL, why that argument? BitAuth makes you sign-up and log-in with a public key, SSL plays along to verify the server. Win-win?

[teraflop]

Sure, and any sane implementation of BitAuth should use SSL.

The point I'm trying to make is that if you can trust SSL to protect a BitAuth signature, you can also trust it to protect a password. So claiming "passwords may travel over plaintext" as a relative advantage of this scheme is disingenuous; in both cases, you need to provide that protection at a lower protocol level.