SSL and the Future of Authenticity

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 05 Oct 2011 10:18:08 -0400
Message-ID: <4E8C6720.7030609@digitalbazaar.com>
To: Web Payments <public-webpayments@w3.org>

This talk summarizes why we feel nervous about securing traffic using 
OAuth 2.0 and SSL-only. Granted, many of the attacks are eavesdropping 
attacks, but MITM is also possible (albeit highly unlikely). In the 
talk, Moxie Marlinspike (I love that name) covers the current problems 
with our CA system and a proposal, including an implementation, of 
replacing the Certificate Authorities with a more trustworthy solution:


The solution is here:


-- manu

Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Standardizing Payment Links - Why Online Tipping has Failed
Received on Wednesday, 5 October 2011 14:19:05 UTC
