On 05/18/2013 12:08 PM, Olivier Berger wrote:
> We do verify such trust chains every day for db.debian.org AFAIU (and of
> course for uploads)... so provided a GPG public key is in our keyrings,
> it can be used to "certify" a WebID document, by verifying that it has
> been signed by the correct G
Olivier Berger writes:
> Russ Allbery writes:
>> Oh, absolutely. If you are in a position to verify PGP signatures from
>> the user, you can of course use PGP as the authentication method, at
>> which point you don't need to trust anything other than PGP. The
>> problem, of course, is that thi
Hi.
Thanks for your valuable feedback.
Russ Allbery writes:
> Olivier Berger writes:
>> Russ Allbery writes:
>
>> May I suggest you forward this to the WebID list so that more informed
>> experts can react? This seems a very interesting problem, and certainly
>> not Debian-related (I could f
Simon McVittie writes:
> By way of context, OpenID originated on Livejournal as a way to have
> federation between blogging platforms (e.g. other sites running the
> Livejournal codebase). At the time, https was considered sufficiently
> expensive that LJ didn't even use it to secure login, let a
Olivier Berger writes:
> Russ Allbery writes:
>> ober...@debian.org writes:
>>> I'm not sure I understand all aspects of the recent evolutions of the
>>> WebID auth protocols nor the big picture, but my understanding is that
>>> to auth to a server using a WebID (i.e. a URI pointing to a RDF
>>>
On 17/05/13 17:36, Olivier Berger wrote:
>> The only way to prevent this attack in WebID that I see is to either do
>> leap-of-faith permanent caching [...] or
>> to secure the connection to my identity URI.
>
> I wonder how OpenID, for instance, is supposed to resist such
> attacks, in compari
Hi.
Russ Allbery writes:
> ober...@debian.org writes:
>> I'm not sure I understand all aspects of the recent evolutions of the
>> WebID auth protocols nor the big picture, but my understanding is that
>> to auth to a server using a WebID (i.e. a URI pointing to a RDF document
>> which declares