I do have to worry about protecting the cookies, but that’s what GPG, LUKS, FreeOTFE, TrueCrypt, FileVault, and BitLocker are for. Whoah, that’s weird: TrueCrypt, FileVault, and BitLocker all have capital letters in the middle of the word. I wish there were more viable FDE solutions for Windows XP and Mac OS X. I also wish there were more portable devices (i.e. PDA Phones, UMPC’s) besides state-of-the-art laptops that included a TPM chip.

I’m sure that some websites would want to force 2FA/MFA, but in those situations (e.g. banks), I’m all for as much authentication as possible for obvious security reasons.

Imagine: User goes to site, clicks “Login”, et voila, he’s IN.

The behind the scenes is really interesting.
Browser sends a BEGIN_SESSION http request, before sending the “login” request the webmaster has provided.
Server returns a hash, encrypted to this user using OpenPGP.
Browser decrypts, then saves hash internally.
It then continues to the “login” request, with this hash appended, which also takes part of the OpenPGP signature of the request! (and from then on, until logout or timeout, hash is appended to every request to the site).

So, server can:
1) Verify digital signature of request
2) match it to a valid session!

:)
Hope you like it.

You have to see my face and attitude. I’m at home, I get a Google Alert about enigform, check out this page… I’m surrounded with friends from my local 2600 meeting group… and I read about MY enigform and mod_openpgp! :D Imagine: Jump, jump, jump :)

Thanks!!!!!