Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re^4: PerlMonks OpenID provider?

by mr_mischief (Monsignor)
on Sep 23, 2008 at 16:24 UTC ( [id://713242]=note: print w/replies, xml ) Need Help??


in reply to Re^3: PerlMonks OpenID provider?
in thread PerlMonks OpenID provider?

"Oh relax."

Please don't pretend to know my mental or emotional state from a matter-of-fact comment I made.

If you haven't heard of the weaknesses of ssh shared keys, then you probably haven't read much about Unix system security. It's a quite liberally discussed topic. If one machine on a network is compromised, then it's a network-wide problem. This is especially the case when using host keys rather than or in addition to user account keys. Guess which one OpenID is more like.

A trend does not a good idea make. There used to be paper dresses, and DDT used to be a popular pesticide. I think the classic parenting tip here is, "If Yahoo and Google jumped off a bridge, would you jump, too?"

Replies are listed 'Best First'.
Re^5: PerlMonks OpenID provider?
by RatKing (Acolyte) on Oct 06, 2008 at 15:19 UTC
    Though I fully agree, I think that the only real way of providing security is not giving anyone access. Though perfectly possible it also makes what ever you are offering quite inaccesable.

    OpenID is a easy solution that is as safe as the weakest link in the chain, as soon as that falls all that trust that link to hold will fall as well.

    Without trusing the security of a single point how can you create a security system? Exactly you cannot, with OpenID the assumption was made that the providers will stay safe... right or wrong I will not get dragged into that, but I in all honnesty rather trust groups like VeriSign to keep a key secure then trusting the post-it notes on most office computers.

    As for the original posters idea of having PM be a provider, I think they would have to be pretty stupid to even consider doing that, but if they wanted to of course it could be done.
[reply]
      Yes, you must some single point at some time. A few highly specialized and fully trusted providers might not be a horrible idea. However, the wider you cast your net for providers the more likely it is that they will not all be trustworthy or that that one will itself be insecure.

      One of the tenets of a really paranoid security policy is that those single points you must trust should be as directly under your control as is feasible. A key and pass phrase wallet at the client end fulfills that requirement nicely.

[reply]

In Section Perl Monks Discussion

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://713242]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (3)
As of 2024-04-25 05:45 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found