Re: OpenID Email Discovery

2008-01-04 Thread Trevor Johns
On Jan 4, 2008, at 12:45 AM, Artur Bergman wrote: On Jan 4, 2008, at 7:28 AM, Trevor Johns wrote: 6. I can't see how this can be used securely. DNS is highly vulnerable to attack. Which is why the internet isn't working at all. Ever, Never! Hey, that's not fair! DNS is well designed

Re: OpenID Email Discovery

2008-01-04 Thread Artur Bergman
On Jan 4, 2008, at 12:07 PM, Trevor Johns wrote: On Jan 4, 2008, at 1:59 AM, Artur Bergman wrote: Fair or not, I am tired of hearing how un-secure DNS, when everything we do is based on it, and it being the world's largest working distributed database. There's a difference between

Re: OpenID Email Discovery

2008-01-04 Thread Artur Bergman
On Jan 4, 2008, at 10:16 AM, Trevor Johns wrote: On Jan 4, 2008, at 12:45 AM, Artur Bergman wrote: On Jan 4, 2008, at 7:28 AM, Trevor Johns wrote: 6. I can't see how this can be used securely. DNS is highly vulnerable to attack. Which is why the internet isn't working at all. Ever,

Re: OpenID Email Discovery

2008-01-04 Thread Trevor Johns
On Jan 4, 2008, at 1:59 AM, Artur Bergman wrote: Fair or not, I am tired of hearing how un-secure DNS, when everything we do is based on it, and it being the world's largest working distributed database. There's a difference between working and secure. For example, email works great but

Re: OpenID Email Discovery

2008-01-04 Thread Peter Davis
On Jan 3, 2008, at 6:03 PM, Hallam-Baker, Phillip wrote: NAPTR is an ietf proposed standard but there is no deployed base. well, there certainly are deployed bases where i sit, since we have DNS zones in operation with well over 40M entries... most of which are NAPTR RR's, and many, many

RE: OpenID Email Discovery

2008-01-04 Thread Hallam-Baker, Phillip
This thread is dipping into a proposal I recently made at the IETF bar-BOF on leveraged authentication. I also make the same set of points in my book, The dotCrime Manifesto: How to Stop Internet Crime, which is officially to be published on Monday but is actually shipping from Amazon from

Re: OpenID Email Discovery

2008-01-04 Thread Trevor Johns
On Jan 4, 2008, at 3:14 AM, Artur Bergman wrote: You can always go out and use DNSSEC. That would certainly be a solution. However, isn't DNSSEC not yet widely deployed? Isn't this just a lookup of email address - openid/url that is then handled as a normal openid login? I'm not sure I

RE: OpenID Email Discovery

2008-01-04 Thread Gabe Wachob
I'm sorry, Phillip, we're not going to let you get away with that one. Drummond already asked you about what you are talking about w/r/t IPR commitments, and I haven't seen a reply. All IPR commitments for XRI are in place and have been for quite a while. I encourage you to review the RF on

Re: OpenID Email Discovery

2008-01-04 Thread Artur Bergman
On Jan 4, 2008, at 6:29 PM, Trevor Johns wrote: You can always go out and use DNSSEC. That would certainly be a solution. However, isn't DNSSEC not yet widely deployed? bingo, the world hasn't seen the need for it Isn't this just a lookup of email address - openid/url that is then

RE: OpenID Email Discovery

2008-01-04 Thread Hallam-Baker, Phillip
On the contrary, you require the SSL certificate to match the domain of the identifier being authenticated and the problem is solved. Alternatively you use a scheme such as SAML to perform the authentication which would provide more flexibility than a transport layer security model. One reason

RE: OpenID Email Discovery

2008-01-04 Thread Hallam-Baker, Phillip
You can use domain validated SSL certificates or DNSSEC here. Either is sufficient. There is no technology gap here.