[sugar] XO identity shared via Browse
Luke Faraone
luke at laptop.org
Tue Dec 2 16:40:24 EST 2008
On Tue, Dec 2, 2008 at 16:32, Yamandu Ploskonka <yamaplos at bolinux.org>wrote:
> Also, re:spoofing, there would need to be an update of the data being
> sent, maybe changes with the clock, daily? Don't know how to keep the
> algorythm secure and still have this Open.
>
That is mistake #1: Secret algorithms are _less_ secure than open ones, as
secret ones have a smaller group of testers. There's a reason why
_everybody_ uses AES, Blowfish, and the lot; it's because they've been
publicly tested and held up to it.
OpenID, specifically, would be hard to implement in the current version of
the spec, as our devices FQDNs will be changing often. Locally, it might
work, but remote identification is a problem.
A tried-and-true way to go about this would be using Client Side
Certificates, which has found to work under browse. In addition, the user
data can be encrypted using GPG prior to transmission/storage, and if you
want escrow of data you can encrypt it for two keys.
-lf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/sugar/attachments/20081202/88f57fd7/attachment.htm
More information about the Sugar
mailing list