security

Alaric Dailey alaricdailey at hotmail.com
Mon Oct 23 01:09:49 UTC 2006


I think I have to agree with James and Eddy.

If it is secured from the beginning, you don't have to retrofit it later.  I
believe that it was Bruce Schneier who said something to the effect of
'security is next to impossible to implement properly after the fact'.  As a
programmer I have found this to be VERY true.

Security is almost never boolean; you can only make it as secure as
possible. From my standpoint, in this day and age, everything should be as
secure as possible.  Just to demonstrate this point, the very first thing I
do when installing a new copy of Windows is install the NSA security policy.

Secure it as well as possible and you have less to fix later; it's easier
to close small holes than big ones. Finally, it's much easier to make a
change to a pending standard than to an existing one.


Basically, if you need security at all, you need it everywhere.  Which bit
of information should an attacker pay more attention to: the one encrypted
message amongst hundreds or thousands of unencrypted messages, or one
message picked out of thousands of encrypted messages?



-----Original Message-----
From: Recordon, David [mailto:drecordon at verisign.com] 
Sent: Sunday, October 22, 2006 5:24 PM
To: Alaric Dailey; Dick Hardt; general at openid.net
Subject: RE: security

Alaric,
I think both you and Dick are right.  Don't get me wrong, security is very
important if anything like OpenID is to be adopted.  I think the point Dick is
trying to make is that security needs to scale depending on context, or at
least that is the point I'd try to make.

Starting with 2.0, or 1.2, whatever we end up calling it, I personally would
not use an Identity Provider which does not host both my identifier and its
server endpoint via a valid SSL certificate.  There are, however, use cases
where SSL is not required, running OpenID solely on an intranet for example,
but for the majority of cases SSL is highly recommended, which I think the
spec makes clear.  If it doesn't, please let us know!

So I don't think security is binary; IMHO what is important is that the spec
makes it clear where the weaknesses are, how to protect them, and recommends
the use of things like valid SSL certificates for the entire protocol flow.

--David

<snip/>
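The rule David states above (identifier and OP endpoint both behind a valid SSL certificate, with an intranet exception) can be enforced by a relying party at discovery time. The following is an added example, not code from either poster or from any OpenID library; the XRDS document, the host names and the intranet suffix list are constructed for illustration. It parses a Yadis/XRDS document for OpenID 2.0 signon endpoints, classifies each URL as https, intranet-only or insecure, and picks the highest-priority endpoint that keeps the whole flow on TLS.

```python
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespace and service type used by OpenID 2.0 Yadis discovery.
XRD_NS = "xri://$xrd*($v*2.0)"
OPENID_SIGNON = "http://specs.openid.net/auth/2.0/signon"

# Constructed sample XRDS, as an OP might serve for a claimed identifier.
# The second Service entry is a deliberately insecure fallback.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example.com/openid/endpoint</URI>
    </Service>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>http://op.example.com/openid/endpoint</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""


def discover_endpoints(xrds_text):
    """Return OpenID 2.0 signon endpoint URIs, lowest priority number first."""
    root = ET.fromstring(xrds_text)
    found = []
    for svc in root.iter("{%s}Service" % XRD_NS):
        types = {t.text.strip() for t in svc.findall("{%s}Type" % XRD_NS) if t.text}
        if OPENID_SIGNON not in types:
            continue
        # Yadis: a missing priority attribute sorts last.
        prio = int(svc.get("priority", "2147483647"))
        for uri in svc.findall("{%s}URI" % XRD_NS):
            if uri.text:
                found.append((prio, uri.text.strip()))
    found.sort(key=lambda p: p[0])
    return [u for _, u in found]


def classify(url, intranet_suffixes=()):
    """'https' if the URL is TLS, 'intranet' if plain http on a host the
    deployer has declared intranet-only (assumed allow-list), else 'insecure'."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        return "https"
    host = parts.hostname or ""
    if any(host == s or host.endswith("." + s) for s in intranet_suffixes):
        return "intranet"
    return "insecure"


def flow_is_secure(identifier, endpoint, intranet_suffixes=()):
    """Both legs of the flow must be https or explicitly intranet-only."""
    return all(
        classify(u, intranet_suffixes) != "insecure" for u in (identifier, endpoint)
    )


def choose_endpoint(identifier, xrds_text, intranet_suffixes=()):
    """Highest-priority discovered endpoint that keeps the flow on TLS, else None."""
    for ep in discover_endpoints(xrds_text):
        if flow_is_secure(identifier, ep, intranet_suffixes):
            return ep
    return None


def verifying_context():
    """TLS context to use when actually connecting: the default context
    requires a certificate chain to a trusted CA and checks the hostname,
    so an invalid certificate fails the handshake rather than being ignored."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    print(choose_endpoint("https://alice.example.com/", SAMPLE_XRDS))
    print(choose_endpoint("http://alice.example.com/", SAMPLE_XRDS))
    print(classify("http://op.corp.internal/openid", ("corp.internal",)))
```

The scheme check only establishes that https is in use; the certificate itself is validated when the RP opens the connection with the context from `verifying_context()`. Note that a claimed identifier served over plain http fails the whole flow even when the OP endpoint is https, which is exactly the "both my identifier and its server endpoint" condition from the message.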



