[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Refactoring the Debtags web interface

>>>>> "Brian" == Brian May <brian@microcomaustralia.com.au> writes:

    Brian> Ben Finney wrote:
    >> I invite anyone interested in knowing how the distinct areas of
    >> identity, trust, and security intersect with the OpenID system,
    >> to research the available documentation.

    Brian> ...except openid has serious issues with establishing
    Brian> identity in a secure manner. Especially if the server
    Brian> connects to your identity provider using http (seems to be
    Brian> common practise as far as I can tell). Using http makes
    Brian> MITM attack easy. Just redirect requests to an identity
    Brian> provider that always confirms the user's identity. 

I find it deeply ironic that I'm arguing against security.  However,
let's remember that we're talking about debtags.  It's always
important to think about your threat model and about how much
complexity you're willing to spend in order to get security.

This seems like a case where usability is far more important than
security.  If the system starts getting abused, we can lock it down

If someone proposed using openid to do debian.org password resets or
to maintain the keyring, I'd be screaming up and down all over the
place.  I just don't see that the value of attacking the debtags
system warrents increased complexity and decreased usability in this


Reply to: