From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <20030710212155.6079.qmail@g.bio.cse.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] pop3 before smtp
In-reply-to: <20030710200907.GA4449@wilbur.25thandClement.com>
References: <6775b5273a21ebea7da9dedd6d520bec@plan9.bell-labs.com> <006001c3471c$689111e0$b9844051@insultant.net> <20030710200907.GA4449@wilbur.25thandClement.com>
From: Scott Schwartz <schwartz@bio.cse.psu.edu>
Date: Thu, 10 Jul 2003 17:21:54 -0400
Topicbox-Message-UUID: f442604e-eacb-11e9-9e20-41e7f4b1d025

| What is needed is a distributed PKI.

But why?  It seems easy enough to use use private keys, and a nice
protocol like SRP.

I guess the reason is that you just can't convince people not to give
their password away (just type it here in this web page!!), and, worse,
can't convince programmers not to ask for it.