[OpenID] Japan Report 2008-12-13
SitG Admin
sysadmin at shadowsinthegarden.com
Sat Dec 13 18:16:06 UTC 2008

>As far as the US$1 voting is concerned, that is potentially interesting,

"Hey, did ya hear about the OpenID Foundation?"
"No, what is it?"
"I have no idea, but if you pay them one dollar, you get a vote."
"Sounds like a scam to me. I can ALREADY vote."
"But this is for THEIR elections, the Board of Directors."
"So it's a popularity contest. Anyone could win. Who cares?"
"Anyone who wants to be famous, I guess."
"But surely they filter applicants? You'd have to be qualified."
"Not at all, you just find a few friends to nominate you."

>How do we make it insulated from gaming, how do we make it sure that
>it is a free will vote, etc. are very difficult issues that need to
>be dealt with carefully.

If all voters live in the United States, the Postal Service seems
most trustworthy (i.e., least vulnerable to compromise). IDPs with
millions of users can cast millions of votes - again, this is
trivial! I'll bet even *I* could write some code to intercept all
OIDF communications and conceal them from the user, who continues
using "their" OpenID oblivious to all this. Membership could be a
problem (since it reveals physical address, and often phone number,
enabling the Foundation to contact them directly (not through IDP
middleman) to confirm membership/vote, and it'd be trickier to find
several million complicit pawns), and we certainly should NEVER allow
IDPs to act as registration portals for their users in this way -
mass registration ahead, many quite possibly being fake!

I think a *combination* of OpenID and mail, security-theory wise,
looks good - the Postal Service is a channel IDPs can't (easily)
touch (especially not if they try to cover courier services such as
FedEx or UPS), and no one in the delivery services can trivially
compromise the OpenIDs of users 'en masse'. Using physical addresses
is a good way to have confidence that you are dealing with only one
person per voter - the U.S. government uses this for *its* voting
system, so it's a decent starting point with plenty of room for
improvement. Challenges through non-OpenID channels, I think - it's
too easy to fake return addresses or caller ID to safely issue
challenges through OpenID and then expect that whatever non-OpenID
response comes that appears to be the user, really is!
-Shade