Peter Palfrader wrote:
> As openid provides no security whatsoever there's probably not a big
> chance of us (as in DSA) hopping onto the openid hype any time soon.

openid could be secure - e.g. by enforcing https everywhere, always checking the remote certificate properly, never using passwords for authentication, etc.

Unfortunately, none of these apply to the implementations I have seen (although my openid provider does at least allow for x509 certificate authentication instead of password passed authentication).

There was a good article at <http://idcorner.org/2007/08/22/the-problems-with-openid/>; unfortunately, the domain appears to be off-line now, and the archive at <http://web.archive.org/web/20080208023407/http://idcorner.org/2007/08/22/the-problems-with-openid/> is difficult to read due to bad formatting.

--
Brian May <br...@microcomaustralia.com.au>

