I'm jumping in without having a full understanding of OpenID here, so forgive me if I get some points wrong, but:
As I understand the BitFrost specification, OpenID is only used to extend the local authentication mechanisms (XO-to-school server) to the outside world (Google backups, etc). See: http://dev.laptop.org/git.do?p=security;a=blob;hb=HEAD;f=bitfrost.txt#l1028 The actual authentication of XOs and users is done by us outside OpenID. So the DNS weakness and MiM attacks are only valid outside our scope. For example, someone can spoof Google and/or insert themselves in between Google and the school server, and proxy the authentication and look at all the data going past. But the backups are encrypted, which mitigates this problem. They can't attack OpenID on the mesh, because OpenID isn't used there. It's impossible to get perfect security. We should look at the possible threats in the context of our uses, and perhaps the dangers are (or can be) mitigated. Local MiM attacks on the wireless network may be easy (until we implement IPv6 SEND, at least), but wired MiM attacks between (say) an IPv6 tunnel endpoint and Google will require large amounts of resources to accomplish. --scott -- ( http://cscott.net/ ) _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
