Re: Recovery of compromised WebID from Jonas Smedegaard on 2019-03-04 (public-webid@w3.org from March 2019)

From: Jonas Smedegaard <jonas@jones.dk>
Date: Mon, 04 Mar 2019 10:01:11 +0100
To: Martynas Jusevi??ius <martynas@atomgraph.com>, Sebastian Hellmann <hellmann@informatik.uni-leipzig.de>
Cc: Kingsley Idehen <kidehen@openlinksw.com>, public-webid@w3.org
Message-ID: <155169007151.19101.15954079654912835216@auryn.jones.dk>

Quoting Sebastian Hellmann (2019-03-04 09:20:54)
> Hi Martynas,
> 
> On 04.03.19 00:00, Martynas Jusevičius wrote:
> > I understand your concern, but is that within the scope of an 
> > identity protocol? Sounds more like identity theft problem.
> >
> > If I seize your computer (which is arguably easier than seizing a 
> > server) and start using your OpenID, would the effect not be the 
> > same?
> >
> That is not the point here. My main point is, that there is plenty of 
> motive (personal, commercial or just for fun) AND opportunity. I fell 
> like having a WebID in its current form and also a solid box is like 
> leaving valuables open in your car and then announcing where you left 
> it. Like they would open your BMW electronically, there are also 
> experts who now server exploits.
> 
> In the form it is now, just the fact that you have a WebID and a solid 
> box might increase the number of hacking attacks, port scanners, etc. 
> on your server. It would be equivalent to the attacks your browser has 
> to withstand.
> 
> My laptop is hardware encrypted, my browser has an extra password. So 
> there are two good "even if" . I am missing these "even ifs" after you 
> remove the first layer of security of WebID.

Here you go: "Even if hosting of WebID Document is done securely."

The point is that your concerns are about web hosting in general.

"What if web hosting is fundamentally insecure?" is not about WebID - it 
_affects_ WebID along with all other things relying on Web hosting.


> a script kiddie could find an exploit on your server

You are talking about web hosting in general.


> > identity protocol? Sounds more like identity theft problem.
> 
> WebID - an identity protocol that creates new motives and 
> opportunities for identity theft.

"The Web - yet another space for malice like identity theft."


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Received on Monday, 4 March 2019 09:01:58 UTC