Refactoring the Debtags web interface
Sam Hartman
hartmans at debian.org
Tue Feb 24 03:19:21 UTC 2009
>>>>> "Brian" == Brian May <brian at microcomaustralia.com.au> writes:
Brian> Ben Finney wrote:
>> I invite anyone interested in knowing how the distinct areas of
>> identity, trust, and security intersect with the OpenID system,
>> to research the available documentation.
>>
Brian> ...except openid has serious issues with establishing
Brian> identity in a secure manner. Especially if the server
Brian> connects to your identity provider using http (seems to be
Brian> common practise as far as I can tell). Using http makes
Brian> MITM attack easy. Just redirect requests to an identity
Brian> provider that always confirms the user's identity.
I find it deeply ironic that I'm arguing against security. However,
let's remember that we're talking about debtags. It's always
important to think about your threat model and about how much
complexity you're willing to spend in order to get security.
This seems like a case where usability is far more important than
security. If the system starts getting abused, we can lock it down
more.
If someone proposed using openid to do debian.org password resets or
to maintain the keyring, I'd be screaming up and down all over the
place. I just don't see that the value of attacking the debtags
system warrents increased complexity and decreased usability in this
instance.
--Sam
More information about the Debtags-devel
mailing list