SSL and the Future of Authenticity

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 05 Oct 2011 10:18:08 -0400
Message-ID: <4E8C6720.7030609@digitalbazaar.com>
To: Web Payments <public-webpayments@w3.org>

This talk summarizes why we feel nervous about securing traffic using 
OAuth 2.0 and SSL-only. Granted, many of the attacks are eavesdropping 
attacks, but MITM is also possible (albeit highly unlikely). In the 
talk, Moxie Marlinspike (I love that name) covers the current problems 
with our CA system and a proposal, including an implementation, of 
replacing the Certificate Authorities with a more trustworthy solution:

http://www.youtube.com/watch?v=Z7Wl2FW2TcA

The solution is here:

http://convergence.io/

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Standardizing Payment Links - Why Online Tipping has Failed
http://manu.sporny.org/2011/payment-links/
Received on Wednesday, 5 October 2011 14:19:05 GMT
