- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Wed, 05 Oct 2011 10:18:08 -0400
- To: Web Payments <public-webpayments@w3.org>

This talk summarizes why we feel nervous about securing traffic using OAuth 2.0 and SSL-only. Granted, many of the attacks are eavesdropping attacks, but MITM is also possible (albeit highly unlikely). In the talk, Moxie Marlinspike (I love that name) covers the current problems with our CA system and a proposal, including an implementation, of replacing the Certificate Authorities with a more trustworthy solution:

http://www.youtube.com/watch?v=Z7Wl2FW2TcA

The solution is here:

http://convergence.io/

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Standardizing Payment Links - Why Online Tipping has Failed
http://manu.sporny.org/2011/payment-links/

Received on Wednesday, 5 October 2011 14:19:05 UTC