New feature proposal: save Alternative ID name in application

  • New SQRL for .Net Forum
    Guest:

    Just a note that we have a new forum to contain discussions relating to TechLiam's "SQRL for .Net" server-side middleware. You'll find it under "Server-Side Solutions."

    /Steve.

G

Gristle

Guest
Post removed due to harassment from PHolder
 
Last edited by a moderator:
G

Gristle

Guest
Post removed due to harassment from PHolder
 
Last edited by a moderator:
G

Gristle

Guest
Post removed due to harassment from PHolder
 
Last edited by a moderator:
G

Gristle

Guest
Post removed due to harassment from PHolder
 
Last edited by a moderator:

PHolder

Well-known member
May 19, 2018
956
128
@Gristle I can't tell if you're being intentionally difficult or are just stuck on one track. Your wants and needs are yours alone. I would encourage you to stop telling others they're "doing it wrong." Not doing things the way you like them done doesn't mean other people are doing it wrong.

@Steve made a choice in design, it's not the only possible design. Other clients can be made to work in other ways.

It appears that some people, yourself included, think that better security is only an option if you're willing to stop being able to do things you've always done with userID and password. That is one perspective, but not the only one. Some people, or more probably many people, share userID and passwords, for their own selfish reasons. (Sharing Netflix accounts being very common, it seems.) The proposed answer was MSA... and that could potentially work, but it's an optional feature and a lot more work to implement, and the first real world site using SQRL (these forums) doesn't even implement it.

As just one possible option, instead of generating the site unique 256-bit private and public keys from the site's URL, it could randomly generate the 256-bit value and enter that into a database along with the URL. That way, you could share or give away your credential for ONE site without compromising your entire identity. You could also therefore rekey a single site without rekeying your entire identity. This would not be detectable by any SQRL site... but it would affect interoperability between SQRL clients. In general it would mean you couldn't use QR Codes to import/export your identity. On the other hand, it could be a new feature where you could share your credential to a single site with someone by QR Code or some other means.

A more extreme variation of this would be a client that invisibly creates and manages one "standard" SQRL identity per site. Again, this would have conequences for sharing between clients, but it would be undetectable by any site implementing SQRL for authentication.
 
Last edited:
G

Gristle

Guest
Post removed due to harassment from PHolder
 
Last edited by a moderator:

Julian

New member
Jun 25, 2019
4
0
I think you're talking about two different things. Reading your issue, you're talking about remembering the Alt-ID temporarily with a QuickPass. What Julian is talking about is an oft-discussed feature in the newsgroup: the client remembering the previous Alt-IDs you've put in for easy re-use later.
Hi,
Sorry, for my late answer.
@shanedk got it right.
I didn't think it would start such a discussion.
Personally, as I install lots of server applications, I always have multiple accounts. That's also true for emails addresses.
That's a nice to have feature.