[Server-devel] OpenID - status?
C. Scott Ananian
cscott at cscott.net
Tue Jul 10 09:37:41 EDT 2007
I'm jumping in without having a full understanding of OpenID here, so
forgive me if I get some points wrong, but:
As I understand the BitFrost specification, OpenID is only used to
extend the local authentication mechanisms (XO-to-school server) to
the outside world (Google backups, etc).
See: http://dev.laptop.org/git.do?p=security;a=blob;hb=HEAD;f=bitfrost.txt#l1028
The actual authentication of XOs and users is done by us outside
OpenID. So the DNS weakness and MiM attacks are only valid outside
our scope. For example, someone can spoof Google and/or insert
themselves in between Google and the school server, and proxy the
authentication and look at all the data going past. But the backups
are encrypted, which mitigates this problem. They can't attack OpenID
on the mesh, because OpenID isn't used there.
It's impossible to get perfect security. We should look at the
possible threats in the context of our uses, and perhaps the dangers
are (or can be) mitigated. Local MiM attacks on the wireless network
may be easy (until we implement IPv6 SEND, at least), but wired MiM
attacks between (say) an IPv6 tunnel endpoint and Google will require
large amounts of resources to accomplish.
--scott
--
( http://cscott.net/ )
More information about the Server-devel
mailing list