The thread on DoS in dmd0 got me thinking about the meaning of the verification step in dmd0.  As stated in that thread, the verification step might be a concern, since a membersite may be blocking on a response from an unknown homesite.  I started to think about eliminating the verification (and the signature that goes with it).  What requirement is the verification step meeting?
 
At the most basic level, a DIX protocol is simply providing a convenient way to transfer a set of self-asserted attributes from the user to the membersite - by way of the homesite.  In this model the homesite is simply storing the attributes on the user's behalf and, consistently with Identity Law #1, revealing them only with the user's consent.  It does not do any checking that they correctly represent the user in any way.
 
At this level the only thing the signature means is "I sent this exact set of attributes because the user asked me to."  This just doesn't seem very useful to the membersite.  The entire set of attributes could be replaced by a MITM that runs its own homesite, or that has an account at the specified homesite.
 
Can we agree that for this level of requirement, the signature and verification are not required?
 
Things get more interesting when properties (attributes) like Persona URL come into play.  I'll try to write up some thoughts on that tomorrow.
 
Terry Hayes
AOL Corp.
 
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
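
Added example, not part of the original message and not dmd0 code: a simplified Python model of what the verification step can and cannot tell a membersite when the attributes are self-asserted. It assumes an HMAC stands in for the homesite's signature and that verification is a callback to whichever homesite the message names; all class, function and host names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


class Homesite:
    """Stores self-asserted attributes; vouches only that it sent them."""

    def __init__(self, url):
        self.url = url
        self._key = secrets.token_bytes(32)  # known only to this homesite

    def _sign(self, attrs):
        body = json.dumps(attrs, sort_keys=True).encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def send(self, attrs):
        """Release attributes (user consent assumed) with a signature."""
        return {"homesite": self.url, "attrs": attrs, "sig": self._sign(attrs)}

    def verify(self, message):
        """Verification callback: 'did I send exactly these attributes?'"""
        return hmac.compare_digest(self._sign(message["attrs"]), message["sig"])


def membersite_accept(message, homesites):
    """Ask whichever homesite the message names to verify it."""
    homesite = homesites.get(message["homesite"])
    return homesite is not None and homesite.verify(message)


def demo():
    # Constructed sample data: two homesites the membersite can reach.
    home_a = Homesite("https://home-a.example")
    home_b = Homesite("https://home-b.example")
    homesites = {h.url: h for h in (home_a, home_b)}
    original = home_a.send({"name": "Alice", "email": "alice@home-a.example"})
    # Attributes edited in transit without re-signing: verification fails.
    edited = dict(original, attrs={"name": "Alice", "email": "x@other.example"})
    # Whole message replaced by one issued at another homesite: it verifies,
    # because that homesite truthfully confirms it sent those attributes.
    replaced = home_b.send({"name": "Alice", "email": "x@other.example"})
    return {
        "original": membersite_accept(original, homesites),
        "edited": membersite_accept(edited, homesites),
        "replaced": membersite_accept(replaced, homesites),
    }
```

In this model the check detects in-place edits only; a wholesale replacement verifies because nothing ties the membersite's expectation to a particular homesite or account.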