On 10/5/11 10:18 AM, Manu Sporny wrote:
> This talk summarizes why we feel nervous about securing traffic using
> OAuth 2.0 and SSL-only. Granted, many of the attacks are eavesdropping
> attacks, but MITM is also possible (albeit highly unlikely). In the
> talk, Moxie Marlinspike (I love that name) covers the current problems
> with our CA system and a proposal, including an implementation, of
> replacing the Certificate Authorities with a more trustworthy solution:
>
> http://www.youtube.com/watch?v=Z7Wl2FW2TcA
>
> The solution is here:
>
> http://convergence.io/
>
> -- manu
>
Manu,

How does that differ from WebID's authentication protocol? Remember the goal here isn't just "Trust" but "Dexterous Trust". How does this solution handle a thief in possession of my Private Key?

--
Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 5 October 2011 14:51:48 GMT