Michael R. Farnum

Hitting the Security Nerve

I can't sell a concept to my customer -- they need something real

I wrote a post about multi-factor authentication back in August of last year.  And the single comment that I got about the post was from a gentleman who gave a grand speech about "what we need" vs. what we have now. 

 

I took issue with his post on my personal blog, but I wasn't going after him on a technical level.  What bothered me was that he was trying to sell an idea, not a product.  And while I am totally and completely supportive of security research for the sake of improving the state of security, it just struck me wrong because around that time I had been hearing so many "what we need" arguments instead of "what can we do with what we have".  Anyway, the post got some play out there in the blogosphere, and it even led to a podcast with Alan and Mitchell.

 

So now, a full year later, I received another comment from the original commenter.  Here's an unaltered excerpt:

I’m the one that wrote the CCS concept that Michael Farnum is attacking. He obvously has not work with the details of authentication. Knowing the problem well leads to newer tools that cn now be demonstrated. Multi-factor authentication is like increasing the size of the encryption keys while still using a weak algorithm. Smart, self-governing content is on its way and will be the paradigm shift in secuirty. I’m working on my 4th spinout company using this technology. We are focused on application specific solution for payments, certifications/validation of product life-cycle events, secure ID that can not be counterfeited like most smart cards can be, and in downloaded media (just know our approach is being evaluated by two media groups. “Reality vs. We need.”

So, let's clear this up, shall we? 

 

Mr. Smith,

 

I was not attacking your idea at all.  What I was attacking was that the idea you postulated is just what you call it - a concept.  When you include in your comment the phrase "what is needed is", then my vapor-ware sensor starts screaming.  I don't argue that it is something that is needed.  I know current authentication schemes are weak and need to be scrapped.  I applaud your efforts in trying to improve a flawed system.  And if it is a viable product that I can use NOW in typical production environments, then I beg your forgiveness.

 

But with all due respect, if it is only in a couple of bleeding edge companies that are working with you to develop the standard, then it is exactly what Mike Rothman called it in his comment: a future.  Now, it has been a year since that original post.  You have had a year to come up with a product if you didn't have one then.  I am willing to take a look.  But please understand that I am about solving problems now with products that exist now.  I can't sell my customer a concept.
