security

[Eddy Nigg (StartCom Ltd.)]

Scott Kveton wrote:
> Eddy, Chris, James, Alaric: I appreciate that you have concerns with
> possible security issues with OpenID.  I'd _really_ appreciate some possible
> solutions.
>   
Well, I think we all tried...We provided an existing and common
solution, which could provide one/another line of defense...(BTW, most
of the other guys I don't know, so this is not a concerted spam effort
from me, but obviously there are others thinking the same). But it
seems, that the wrong guys think like I do...
> Let's keep the focus here on helping make OpenID the solution that solves
> the single sign-on problem.  That's what this list is for.
>   
Right! One of the risks of single sign-on is perhaps the issue
itself...i.e. You need to crack it only once in order to gain access to
everywhere...That's at least my understanding so far. So I'd say better
worry now, than sorry later....

But - you are right! Whoever says next time the word SSL or HTTPS gets
thrown out of the list! It's not going to be - end of story! No more
SSL, SSH, HTTPS, IMAPS, POPS....and guess anything else that starts or
ends with S too....

<Smile> :-) </Smile>
-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061025/a7f4a8d8/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eddy_nigg.vcf
Type: text/x-vcard
Size: 636 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061025/a7f4a8d8/attachment-0002.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061025/a7f4a8d8/attachment-0002.bin>