- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Wed, 05 Oct 2011 10:51:09 -0400
- To: public-webpayments@w3.org
- Message-ID: <4E8C6EDD.2080609@openlinksw.com>
On 10/5/11 10:18 AM, Manu Sporny wrote:
> This talk summarizes why we feel nervous about securing traffic using
> OAuth 2.0 and SSL-only. Granted, many of the attacks are eavesdropping
> attacks, but MITM is also possible (albeit highly unlikely). In the
> talk, Moxie Marlinspike (I love that name) covers the current problems
> with our CA system and a proposal, including an implementation, of
> replacing the Certificate Authorities with a more trustworthy solution:
>
> http://www.youtube.com/watch?v=Z7Wl2FW2TcA
>
> The solution is here:
>
> http://convergence.io/
>
> -- manu

Manu,

How does that differ from WebID's authentication protocol? Remember the goal here isn't just "Trust" but "Dexterous Trust". How does this solution handle a thief in possession of my Private Key?

--
Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Wednesday, 5 October 2011 14:51:47 UTC