Eric,

Each of these approaches has a fairly obvious architecture. In fact,
Digest, which I forgot to mention in my previous message,
already has a pre-existing architecture, and PwdHash works with
the existing architecture.

You have to put the two together. ALL of the approaches that you
mention fail given an insecure UI. NONE of them are likely to be
applicable given a secure UI. What will be necessary is a secured
channel from the authentication module of the user to the authenticating
party. What is that? It's almost assuredly not going to include IP
addresses. How will PSK-TLS work in such circumstances? What is the
communication between the module and the browser? And add on top of ALL
of that the UI and don't forget registration.

Eliot
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf