security

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Mon Oct 23 18:13:59 UTC 2006


Dick Hardt wrote:
> Eddy, I am not sure you understand how OpenID works. Provided there is
> an SSL connection to the Homesite/IdP, none of that data is
> compromised. No personal data is moved in the connection between the
> user and the RP.
Thanks for the flowers... :-), but without getting into this in much more
detail, a home site might store (and request) more than just the
user name and password, but more personal details. That might be true for
RPs as well. Once access is gained, anything would be open to the
"user"... SSL should give sufficient protection against sniffing and to a
certain extent for MITM attacks... I never claimed that personal data is
moved (currently) between the user and RP...
>
> -- Dick

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390