If we're up for changing the standard, why not go with something that's significantly better than pass the hash, like some form of public-key crypto?
Having <input type='challenge' algo='xxx' challenge='reallylongrandomchallengetoken'> would work better than yours, I think?
There's also nothing stopping the user using a "password", where that password is fed through a KDF and then used to generate the relevant private key (all done client side) -- but this is only as strong as the password used, so a really savvy user would just generate the private-key really well, and store that in a similar way to the way SSH keys are stored (i.e. passphrase). Non-savvy users can generate it a-fresh every time.
But aren't we just re-implementing client-side SSL certifications?
Having <input type='challenge' algo='xxx' challenge='reallylongrandomchallengetoken'> would work better than yours, I think?
There's also nothing stopping the user using a "password", where that password is fed through a KDF and then used to generate the relevant private key (all done client side) -- but this is only as strong as the password used, so a really savvy user would just generate the private-key really well, and store that in a similar way to the way SSH keys are stored (i.e. passphrase). Non-savvy users can generate it a-fresh every time.
But aren't we just re-implementing client-side SSL certifications?