Re: SSL and the Future of Authenticity

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Wed, 05 Oct 2011 10:51:09 -0400
Message-ID: <4E8C6EDD.2080609@openlinksw.com>
To: public-webpayments@w3.org

On 10/5/11 10:18 AM, Manu Sporny wrote:
> This talk summarizes why we feel nervous about securing traffic using 
> OAuth 2.0 and SSL-only. Granted, many of the attacks are eavesdropping 
> attacks, but MITM is also possible (albeit highly unlikely). In the 
> talk, Moxie Marlinspike (I love that name) covers the current problems 
> with our CA system and a proposal, including an implementation, of 
> replacing the Certificate Authorities with a more trustworthy solution:
>
> http://www.youtube.com/watch?v=Z7Wl2FW2TcA
>
> The solution is here:
>
> http://convergence.io/
>
> -- manu
>
Manu,

How does that differ from WebID's authentication protocol? Remember the 
goal here isn't just "Trust" but "Dexterous Trust".

How does this solution handle a thief in possession of my Private Key?

-- 

Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen

Received on Wednesday, 5 October 2011 14:51:47 GMT
