>>matthe+(OP)
Interesting idea. I am wondering if it can be used to provide 'proof' that a person accessing a site is really whom they they are. Potentially that would avoid the need to ask the person to install custom client certificates in the browser