[sldev] OpenID & SSL certificates

Dzonatas dzonatas at dzonux.net
Tue Oct 2 16:44:14 PDT 2007


Argent Stonecutter wrote:
> On 02-Oct-2007, at 12:41, Dzonatas wrote:
>> Does the mere attempt to move authentication (as it exists now) from 
>> the viewer to the web-site change anything?
>
> Absolutely.

It is an illusion. One is 2D and the other is virtual 3D on 2D.


>
> Given that it's using plaintext passwords over an unencrypted 
> connection, there's nowhere to go but up. I just want to make sure 
> that the road leading upward doesn't end up in a dead end.

The best anti-phishing mechanism still does not solve the bottom line 
goal of anti-fraud. It is not just the login that matters, but there is 
the need to verify identity. The login itself can not help verify real 
identity, as it just allows anyone pass that knows the secret word. The 
login does, however, need to be implemented in a way that people can 
still enjoy anonymity.

If someone breaks the login, then we are screwed if there is no 
anti-fraud measure. It would be comparable to the famous disruption at 
the Anshe Chung interview... they couldn't stop it or tell who really 
caused it!

It could have been worse (legally) especially if the teen grid and main 
grid were united. (Yes, I would love to see these grids united, as 
families belong together!)

-- 
Power to Change the Void


More information about the SLDev mailing list