security
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Mon Oct 23 02:25:24 UTC 2006
Dick Hardt wrote:
> Lots of people would consider those sites to be really useful! ...
> but that is off-topic. :-)
>
Yes...also we do...but that's indeed off-topic ;-)
> In 1994, people were forecasting we would be doing online banking, but it
> was several years before that happened.
>
> Similarly, I see OpenID being used in pretty straightforward
> applications initially, and then in more sensitive applications as
> the technology matures and it is understood.
>
> There is a pretty straightforward extension mechanism for OpenID. I
> foresee the use of DNSSEC and PKI in the future with OpenID. Same
> general conversation, but with significantly more security.
>
Excellent! This is what it should be, to start with...
> In other words, we start with the low risk areas where a boo-boo
> won't be disastrous. We add layers of security over time and a site
> dials up the amount of security they require for their application.
>
> Please have patience. We are all wanting the same thing. It is
> important to deal with the reality of who will deploy solutions like
> this today and get OpenID 2.0 out the door.
>
No problem. However, the required changes to the specs would actually be
minimal, and requiring SSL would be a good start... This would really
allow others to join. Why not deal with some of the weak designs now?
Personally I would be much in favor of this... obviously...
> It would be great for you guys to help design extensions that are
> more secure for the future.
>
Absolutely! We got involved because we want to be a help, not to be a
pain in the a**. I think we could start with part of it now (SSL
perhaps) and continue with other security design features later. I would
have a few ideas here for that, which would be protocol/flow specific...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390