security

Alaric Dailey alaricdailey at hotmail.com
Wed Oct 25 02:23:58 UTC 2006 

I use IMAPS and SSTMP for 2 reasons :) 

1. security
2. to get around my ISPs Fascist Firewall.

Though, I am the Uber-geek who insists people who IM me use Simp (
www.secway.fr ) or OTR ( www.cypherpunks.ca/otr ) and BOUGHT a portion of my
favorite CA.

 

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Chris Drake
Sent: Tuesday, October 24, 2006 7:08 PM
To: Martin Atkins
Cc: general at openid.net
Subject: Re[2]: security

MA> not something I'd want to inflict on all relying parties, and an 
MA> unreasonable burden on early adopters..

OpenID's a *library* - if you can't install an SSL cert, you've got utterly
zero chance of figuring out how to install OpenID.  (Vanity URL owners don't
*install* OpenID)

Security is a MUST.  "Multiple Levels" is shorthand for "won't ever
happen": how many people here use POP3s or IMAPs or even SMTP+TLS ?

Kind Regards,
Chris Drake


Wednesday, October 25, 2006, 3:34:31 AM, you wrote:

MA> Chris Drake wrote:
 >>
>> It's not *really* a pain either - paste your CSR and credit card into 
>> ipsca, and $38 + 1 minute later - you're trusted.
>> 

MA> You have a cert, but now you have to figure out how to use that cert 
MA> with whatever service you're trying to run. The first time I set up 
MA> SSL in Apache I lost an hour of my life trying to figure this out.

MA> Additionally, it's not possible for many people to deploy SSL on 
MA> their own sites because they are hosted on a third-party server with 
MA> no access to the configuration to add an SSL cert and sharing an IP 
MA> address with possibly hundreds of other sites.

MA> So yes, SSL *is* a pain for various reasons. Pain I'd expect any 
MA> reputable IdP to go through, but not something I'd want to inflict 
MA> on all relying parties, and an unreasonable burden on early adopters 
MA> who are just setting up a vanity identity URL for the fun of it.


MA> _______________________________________________
MA> general mailing list
MA> general at openid.net
MA> http://openid.net/mailman/listinfo/general



_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

More information about the general mailing list