* Richard Troy (rtroy@ScienceTools.com) wrote:
> Would signed certificates be preferred? Well, sure, they're nice. I don't
> object, and in fact welcome some improvements here. For example, I'd love
> the choice of taking an individual user's certificate and authenticating
> completely based upon that. However, while this _seems_ to simplify
> things, it really just trades off with the added cost of managing those
> certs - username/password is slam-dunk simple and has the advantage that
> users can share one authentication.
Username/password is not acceptable in a number of situations. This is
not intended to replace them. This would be in *addition* to supporting
the current auth methods. I don't understand at all how you feel it'd be
nice to have yet shouldn't be done.
Thanks,
Stephen