[security] DNS-SEC the solution?
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Aug 8 21:33:25 UTC 2008
>and would also reduce or
>eliminate the need for an OP since the client software could sign the
>messages directly if it had the private key.

I would hope for "reduce" - again, leaving the option available to
those of us who are more security-conscientious to have multiple
passwords, and making the OPs secondary signators to our
authentication. That way, breaking only one key would only offer a
relatively "weak" authentication.

My usage of "weak" is from "strong" in this message:
http://openid.net/pipermail/general/2008-July/005115.html

I imagine single-OP authentication being sufficient for leaving
comments (so an attacker could have those), dual-OP authentication
being required for *deleting* (or editing) comments (more tricky for
an attacker), and triple (or more) OP authentication necessary for
banking, etcetera.

-Shade
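
The tiered scheme in the message above, sketched as a relying-party check. This is an added example, not part of the original post or of any OpenID library. The OP names, shared HMAC keys, message layout and function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: hypothetical OPs and the MAC keys the relying party shares with them.
OP_KEYS = {
    "op-a.example": b"key-a",
    "op-b.example": b"key-b",
    "op-c.example": b"key-c",
}

# Tiers from the message: one OP to comment, two to delete or edit, three for banking.
REQUIRED_OPS = {"comment": 1, "edit": 2, "delete": 2, "banking": 3}


def sign(op, identity, nonce, key):
    """MAC an assertion the way the (hypothetical) OP would; fields must not contain newlines."""
    msg = "\n".join((op, identity, nonce)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verified_ops(identity, nonce, assertions):
    """Return the set of distinct OPs with a valid assertion for this identity and nonce."""
    ok = set()
    for a in assertions:
        key = OP_KEYS.get(a["op"])
        if key is None:
            continue  # unknown OP: ignore
        expected = sign(a["op"], identity, nonce, key)
        if hmac.compare_digest(expected, a["sig"]):
            ok.add(a["op"])  # a set, so repeated assertions from one OP count once
    return ok


def authorize(action, identity, nonce, assertions):
    """Allow the action only if enough independent OPs vouch for the identity."""
    needed = REQUIRED_OPS.get(action)
    if needed is None:
        return False  # unknown action: deny by default
    return len(verified_ops(identity, nonce, assertions)) >= needed


def assertion(op, identity, nonce, key=None):
    """Build a constructed sample assertion; pass key to simulate a signature made with a wrong key."""
    sig = sign(op, identity, nonce, key if key is not None else OP_KEYS[op])
    return {"op": op, "sig": sig}
```

Counting distinct OPs rather than assertions is what keeps a single broken key at the "weak" tier: two valid assertions from the same OP still authorize only comment-level actions.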