OpenID Auth 2.0 security considerations
Johannes Ernst
jernst+openid.net at netmesh.us
Tue Jan 23 23:26:43 UTC 2007
Me too ;-)
There are tradeoffs, no question -- and I used the verb "suggest" to
indicate only a weak preference, on balance.
On Jan 23, 2007, at 14:19, Hallam-Baker, Phillip wrote:
> I get really worried whenever I see such statements. They tend to
> be the sign of a long drawn out specification effort rather than a
> short one.
>
> If you want to change the Internet you have a lot of gatekeepers to
> convince. Deciding that you don't have time to do that is usually a
> mistake.
>
> The key is to understand which parties are really gatekeepers and
> which are not. Two gatekeepers that must be convinced here are the
> security cabal and the open source community.
>
>> -----Original Message-----
>> From: specs-bounces at openid.net
>> [mailto:specs-bounces at openid.net] On Behalf Of Johannes Ernst
>> Sent: Tuesday, January 23, 2007 3:57 PM
>> To: Recordon, David
>> Cc: specs at openid.net
>> Subject: Re: OpenID Auth 2.0 security considerations
>>
>> Given where we are in time, I would suggest to make the
>> smallest amount of changes possible to the document, i.e.
>> leave everything as is, just add this one link.
>>
>>
>> On Jan 23, 2007, at 11:59, Recordon, David wrote:
>>
>>> I don't see a problem with that.
>>>
>>> Would you propose the majority of the security considerations section
>>> in the current draft be moved to the wiki? What would be the balance
>>> between spec and wiki page?
>>>
>>> --David
>>>
>>> -----Original Message-----
>>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
>>> Behalf Of Johannes Ernst
>>> Sent: Monday, January 22, 2007 12:15 PM
>>> To: specs at openid.net
>>> Subject: OpenID Auth 2.0 security considerations
>>>
>>> What about a non-normative link from the spec to a place on the wiki
>>> where we can collect security considerations for it, and update those
>>> in real-time as discussions such as the phishing one progress.
>>>
>>>
>>>
>>> _______________________________________________
>>> specs mailing list
>>> specs at openid.net
>>> http://openid.net/mailman/listinfo/specs
>>