On 05/08/2009 07:27 AM, SitG Admin:
I've been trying to go from "reasonable security" to "maximum security", and it's driving me up the proverbial wall. Spoofing (of DNS), where SSL is absent, has two forms that I can see: one is to spoof the OP client-side, and that much I can at least hold users responsible for - they need to look for that lock icon, and respond cautiously to bad certs. But it's *RP*-side that gets more complicated, if the URI itself is not served over SSL, because if the *server* gets fooled it will happily allow the "user" to authenticate with a new OP that has a perfectly valid and legitimate cert. So, while I'm not worried about a user giving away the credentials with their OP to an attacker, I *am* worried about an attacker posing as the user and tricking my server into accepting that claim.

If the URI doesn't have SSL, it seems somewhat less than useless to put effort into supporting SSL for OPs. If the attacker is going to go to all the trouble of spoofing my server to pretend to be an OP, they might as well do it for the URI, in which case SSL won't help.
It's hard to spoof the delegation and server if they are secured over SSL and chaining to a "trusted" root is enforced. A DNS attack on your RP would then fail, which it would not if the OP doesn't enforce SSL. This scenario is rather easy once the DNS server(s) are poisoned.
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [email protected] <xmpp:[email protected]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
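The point both messages circle around is that TLS on the OP alone does not help if the RP's discovery of the claimed identifier and its delegation hops can be redirected by poisoned DNS. The following is an added example (not code from this thread or from any OpenID library) of an RP-side discovery step that refuses any hop not served over verified HTTPS. It assumes OpenID 2.0 HTML-based discovery via the `openid2.provider` and `openid2.local_id` link relations, and a caller-supplied `fetch(url, ssl_context)` callable, which is a hypothetical hook so the check can be exercised offline.

```python
import re
import ssl
from urllib.parse import urlparse


def verified_tls_context():
    """TLS context that chains to the platform's trusted roots and checks the hostname.
    These are already the defaults of create_default_context(); they are set explicitly
    so the policy is visible in code review."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


# Simplified matcher for <link rel="openid2.provider" href="..."> style tags
# (attribute order fixed; a real RP would use an HTML parser).
LINK_RE = re.compile(
    r'<link\s+rel="(openid2\.provider|openid2\.local_id)"\s+href="([^"]+)"', re.I)


def parse_html_discovery(html):
    """Return (op_endpoint, local_id) from an HTML discovery document, or None for missing."""
    rels = {rel.lower(): href for rel, href in LINK_RE.findall(html)}
    return rels.get("openid2.provider"), rels.get("openid2.local_id")


def require_https(url, what):
    if urlparse(url).scheme != "https":
        raise ValueError(f"{what} {url!r} is not served over https; "
                         "a DNS attack on the RP could redirect this hop undetected")


def discover(claimed_id, fetch):
    """Strict discovery: every hop (claimed identifier, then OP endpoint) must be https,
    and the identifier document is fetched only through a verified TLS context.
    Returns (op_endpoint, op_local_id)."""
    require_https(claimed_id, "claimed identifier")
    body = fetch(claimed_id, verified_tls_context())
    op_endpoint, local_id = parse_html_discovery(body)
    if op_endpoint is None:
        raise ValueError("no openid2.provider link in discovery document")
    require_https(op_endpoint, "OP endpoint")
    return op_endpoint, local_id or claimed_id


# Constructed sample discovery document used by the offline demonstration below.
SAMPLE_HTML = ('<html><head>'
               '<link rel="openid2.provider" href="https://op.example/auth">'
               '<link rel="openid2.local_id" href="https://op.example/alice">'
               '</head></html>')


def sample_fetch(url, ctx):
    """Stand-in fetcher: returns the constructed document instead of hitting the network."""
    assert ctx.verify_mode == ssl.CERT_REQUIRED
    return SAMPLE_HTML
```

With `discover("https://alice.example/", sample_fetch)` the chain is accepted; an `http://` identifier, or a discovery document whose provider link points at an `http://` endpoint, is rejected before any authentication request is built.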
security mailing list [email protected] http://openid.net/mailman/listinfo/security
