- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 21 Feb 2014 16:07:24 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>, public-webpayments@w3.org
On 2014-02-21 14:13, Manu Sporny wrote: > On 02/17/2014 10:35 AM, Anders Rundgren wrote: >> I believe any TTP-based identity-provider can impersonate their >> clients if they really want. U2F could eliminate this since it >> doesn't build on a central authority. > > Unless I'm missing something, U2F is still susceptible to the malicious > TTP attack. Someone has to hold the list of your public keys, that > organization can add new public keys at will. If the organization can > add public keys, they can just add their own and fake your identity if > they so desire. A U2F key is only intended (able) to authenticate you to a specific site. If this site in turn vouches for you (like your account) they could do evil. This would be similar to a bank stealing money from their own customers. > >> There are though HUGE disadvantages of not using TTPs, particularly >> if you lose your keys. > > Yep. > >> IMO, U2F's privacy model doesn't pass the litmus test because without >> a valid e-mail address there's very little a service provider can >> offer. > > I don't understand the specifics of what you're saying, could you > elaborate, please? Well, the idea is that by having a unique key at each site the sites can't track you. If sites require a verified e-mail address the unique key add no privacy unless you have a huge number of e-mail addresses. It's the classic theory versus practice :-) Anders > > -- manu >
Received on Friday, 21 February 2014 15:08:01 UTC