Re: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
-- James A. Donald nor is PKI useful in solving phishing. PKI is a solution that has been tried and has failed. It has become an obstacle, as commercial interests actively block alternatives that do not involve a small number of centralized authorities with a special privilege that enables them to intrude between client and server and charge the server. Hallam-Baker, Phillip wrote: On the contrary, PKI is the basis of the security infrastructure that so far has provided the greatest defense against Internet crime - SSL. Most of the time that I login, or pay by credit card, or some such, I am bounced to some weird URL that has no easily provable connection to business I am trying to interact with, which means that PKI is in practice merely an exorbitantly slow and inefficient Diffie-Hellman key-exchange. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG ERRvvxIr3Rz1ZnlX/LG8m/wkPWR/RhhqcWfDRyI1 403xuw3aJ0JGZbaY+1qh/4rydpyimpbcM8a2SNF9D ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
-- Ka-Ping Yee [mailto:[EMAIL PROTECTED] In practice SSL is primarily used to establish an encrypted channel between endpoints, not to establish reliable reciprocal identification. Given that almost no users pay any attention to certificates, what reason do we have to believe that SSL succeeds because of PKI, rather than in spite of it? Hallam-Baker, Phillip SSL achieves the original security goals set for it. Which were defined to fit what PKI does, not what the user needs. The user needs proof of relationship, not proof of true name. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG qVkusWoDPirkBhjZe5MXwUDyBHO4LxZCWStLyKpA 4JVAsnPJ0MmTZsUwSsCOYR37FKrlG3DPXGBozt+Kh ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Laurie More importantly, I think I have a solution that will make both of us happy, but I now have to go and ride my motorbike fast, so I'll detail it later. Now there is an exit line to tempt the Gods. The only way that I can see that you are going to circumvent an attempt using existing browser capabilities is to introduce a malicious login page is through use of some form of shared secret such as a picture of a cuddly animal chosen by the user or Secure Letterhead. Letterhead requires a browser upgrade so it breaks the 'existing capabilities' constraint. If you change the browser you might as well really change the browser and use a strong authentication mechanism based on PKI I think we need to take another look at the 'change the browser' case and make sure that we can take full advantage if the browser is changed. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
On 1/22/07, Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: [mailto:[EMAIL PROTECTED] On Behalf Of Ben Laurie More importantly, I think I have a solution that will make both of us happy, but I now have to go and ride my motorbike fast, so I'll detail it later. Now there is an exit line to tempt the Gods. The only way that I can see that you are going to circumvent an attempt using existing browser capabilities is to introduce a malicious login page is through use of some form of shared secret such as a picture of a cuddly animal chosen by the user or Secure Letterhead. How is this kind of shared secret a defence against a MitM? Letterhead requires a browser upgrade so it breaks the 'existing capabilities' constraint. If you change the browser you might as well really change the browser and use a strong authentication mechanism based on PKI I'm sure you meant to say based on asymmetric cryptography. I think we need to take another look at the 'change the browser' case and make sure that we can take full advantage if the browser is changed. Damn straight. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
On 1/22/07, Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: From: Ben Laurie [mailto:[EMAIL PROTECTED] The only way that I can see that you are going to circumvent an attempt using existing browser capabilities is to introduce a malicious login page is through use of some form of shared secret such as a picture of a cuddly animal chosen by the user or Secure Letterhead. How is this kind of shared secret a defence against a MitM? Good question to address to those vendors selling such schemes. There are controls that can be put in place to control attempts to capture the shared secret but these rely on a lot of active defense infrastructure that it is dangerous to assume could be deployed by low end IdPs. The bigger problem is getting users to insist on the display of their secret before entering their details. Witness the recent rash of phishing attacks against these schemes. Letterhead requires a browser upgrade so it breaks the 'existing capabilities' constraint. If you change the browser you might as well really change the browser and use a strong authentication mechanism based on PKI I'm sure you meant to say based on asymmetric cryptography. No, any time you have a trusted key you have an infrastructure. Well, if you count give a copy of the public key to the OP as infrastructure, then sure. Some infrastructures have much higher costs than others. Support for offline verification as the Kohnfelder architecture attempts is very expensive. Key centric architectures are much lighter weight. The reason I state PKI is not to say 'it must be X.509', its because PKIX got the way it did largely because people underspecified and underarchitected in the beginning and then a bunch of folk resisted necessary features rather than working out early on how to accommodate them. The result being a series of extensions on extensions and no overall coherence. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
Hallam-Baker, Phillip If you change the browser you might as well really change the browser and use a strong authentication mechanism based on PKI Ben Laurie I'm sure you meant to say based on asymmetric cryptography. Hallam-Baker, Phillip No, any time you have a trusted key you have an infrastructure. No you do not, nor is PKI useful in solving phishing. PKI is a solution that has been tried and has failed. It has become an obstacle, as commercial interests actively block alternatives that do not involve a small number of centralized authorities with a special privilege that enables them to intrude between client and server and charge the server. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
SSL achieves the original security goals set for it. SSL does not achieve every security goal, that is not a failure. Certainly there are no grounds for the claim PKI has failed when it has succeeded in its original limited goals. I agree that the original goals were too narrow. That is an argument I made ten years ago. This is partly about correcting that original mistake. -Original Message- From: Ka-Ping Yee [mailto:[EMAIL PROTECTED] Sent: Monday, January 22, 2007 3:05 PM To: Hallam-Baker, Phillip Cc: James A. Donald; Ben Laurie; specs@openid.net; openid-general; heraldry-dev@incubator.apache.org Subject: Re: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11 On Mon, 22 Jan 2007, Hallam-Baker, Phillip wrote: On the contrary, PKI is the basis of the security infrastructure that so far has provided the greatest defense against Internet crime - SSL. Judged by any rational set of standards SSL has been the most successful security protocol of all time. The costs of the PKI infrastructure are negligible compared to the value of the commerce it supports. In practice SSL is primarily used to establish an encrypted channel between endpoints, not to establish reliable reciprocal identification. Given that almost no users pay any attention to certificates, what reason do we have to believe that SSL succeeds because of PKI, rather than in spite of it? By what rational set of standards do you evaluate PKI -- how frequently it is used, or how much fraud it actually prevents? -- ?!ng ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
On Mon, 22 Jan 2007, Hallam-Baker, Phillip wrote: On the contrary, PKI is the basis of the security infrastructure that so far has provided the greatest defense against Internet crime - SSL. Judged by any rational set of standards SSL has been the most successful security protocol of all time. The costs of the PKI infrastructure are negligible compared to the value of the commerce it supports. In practice SSL is primarily used to establish an encrypted channel between endpoints, not to establish reliable reciprocal identification. Given that almost no users pay any attention to certificates, what reason do we have to believe that SSL succeeds because of PKI, rather than in spite of it? By what rational set of standards do you evaluate PKI -- how frequently it is used, or how much fraud it actually prevents? -- ?!ng ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs