- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Fri, 10 May 2013 00:07:28 +0200
- To: Kumar McMillan <kmcmillan@mozilla.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>
- Message-ID: <CAKaEYhLGb2tg+WXf4Vfr4SnyK5O=vbeC=E7QRe5vEk2XxRvMNw@mail.gmail.com>
On 10 May 2013 00:05, Kumar McMillan <kmcmillan@mozilla.com> wrote: > > On May 9, 2013, at 4:55 PM, Melvin Carvalho <melvincarvalho@gmail.com> > wrote: > > > > > On 9 May 2013 23:37, Kumar McMillan <kmcmillan@mozilla.com> wrote: > >> >> On May 9, 2013, at 3:17 PM, Manu Sporny <msporny@digitalbazaar.com> >> wrote: >> >> > On 05/07/2013 02:05 PM, Melvin Carvalho wrote: >> >> https://github.com/web-payments/browser-payments/ >> >> >> >> I think perhaps there needs to be some thought about security. >> >> Maybe even a security considerations section. >> > >> > Good point, I added an issue to track this: >> > >> > https://github.com/web-payments/browser-payments/issues/9 >> > >> >> One thing that springs to mind is. If I have an email, but do not >> >> implement /.well-known/browserid would it be possible for mozilla to >> >> impersonate me and send a payment? >> > >> > The current design of Persona allows the centralized identity service >> > that they currently run to impersonate anyone on any site that uses a >> > Persona login. The underlying assumption with Persona today is that the >> > web trusts Mozilla when it comes to identity. >> > >> > Even when Persona becomes more decentralized, the underlying system will >> > still require you to trust your identity/email provider to make claims >> > about the validity of your e-mail address. >> >> This is not entirely accurate. Persona (when bootstrapped by Mozilla) >> requires you to trust the user's email provider, yes, but you have to do >> this anyway. Let's say you let a user sign up through your site and Persona >> is not involved. You must still trust their email provider to deliver the >> link that they click on for verification. Persona does not introduce >> anything less secure than this. >> > > I get this point. And this may be true in many web services, such as > twitter, but it's relatively rare that having access to someone's email > account will give them access to their bank account. > > For example my landlord has the keys to my mailbox. So in theory could > gain access to may bank account. I think it's a a simiar argument to say, > because I'm already trusting my landlord, he should be given access to my > bank account. I think most people would wish to separate concerns to an > extent. > > >> >> When fully decentralized, what Persona adds is you can verify the >> signature of someone's identity against a well known public key (that of >> the email provider); this is slightly better than simply trusting that the >> user will click on a link because they have an inbox password :) >> > > A fully decentralized Persona is quite an assumption. There's only > degrees of the centralized/decentralized balance. It's probably 99% > centralized today. It's unclear that it will ever reach a 50% > decentralized / centralized ratio (and would be quite a feat!) ... 100% > seems hard to imagine at this point. > > >> >> Some big email providers (like Yahoo) are already implementing Persona >> and more are on the way. When you get an identity assertion and you verify >> it on your backend, you could do it yourself by fetching the public keys of >> the issuer and checking the signature. Mozilla *hosts* a verification >> service for convenience and to ease uptake but it's not mandatory. Thus, >> you are not required to talk to a Mozilla server at all to use Persona. >> > > That's great news! There are many things about Persona that I like, but > it may need a bit more work before id be happy to use it for large payments. > > > There's a feature of Persona that is not documented yet (it's still > experimental) where you can "force" identity assertion to be done by a > single party. This is designed for banks where the bank will want to know > that its three factor auth + image challenge, etc, has been applied. There > are definitely scenarios like this where a decentralized approach to > identity is not secure enough and the Persona protocol will try to support > that. > Excellent! This is the kind of innovation that I was hoping for... > > > >> >> _ >> >> Anyway, identity is left out of the initial navigator.mozPay() spec >> because we think it will be hard to convince other parties to use a single >> identity provider (Google Checkout will probably want to use Google >> Accounts, for example). We made mozPay() identity agnostic and hopefully it >> can stay that way and still have a lot of functionality. Prescribing a >> single identity solution in a future version would however make several >> things easier, like customer product ownership. >> >> -Kumar >> >> > >> > Ultimately, if you are going to have identity on the web, you have to >> > trust the server running the software. :) >> > >> > -- manu >> > >> > -- >> > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) >> > Founder/CEO - Digital Bazaar, Inc. >> > blog: Meritora - Web payments commercial launch >> > http://blog.meritora.com/launch/ >> > >> >> >> > >
Received on Thursday, 9 May 2013 22:07:56 UTC