Stéphane Glondu <glondu@debian.org> writes:
> Le 17/05/2013 17:43, Russ Allbery a écrit :
>> [...]
>> 4. Hijack that metadata identity request so that it goes to their server
>> instead of mine. This can be done in any number of ways (DNS cache
>> poisoning, compromise of www.eyrie.org, compromise of my account on
>> www.eyrie.org, TCP active MITM, etc.) depending on the situation.
>> [...]
>> The obvious way to authenticate the connection to www.eyrie.org to
>> retrieve my metadata is to validate the www.eyrie.org certificate against
>> a CA, which is where the CA cartel is reintroduced into the picture.
> But if www.eyrie.org is compromised (as you seem to allow), then having
> a CA-certified certificate won't help, will it?
I think you read past the bit where I addressed that point. (I buried it
in another paragraph, so that's not really surprising. Sorry!)
If that endpoint is compromised, WebID loses in general (and probably
can't be expected to defend against that). However, other major
authentication systems are at least robust against DNS poisoning and
TCP MITM.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>