Linux.com

Re: The Weak Spot

Posted by: Nathan Willis on March 27, 2007 10:17 PM
I'm not here to defend the structure of the entire OpenID authentication process, but it sounds like what you're suggesting boils down to the criticism "if the entire process is maliciously compromised, then it fails to work" -- which is tautological. Name a security system of any kind that continues to *work* when it is *broken.*

I don't see how that truism constitutes a "weak spot" in OpenID's design. A weak spot would be a specific attack vector, not the idea that if one exists, then the system can fail.

But maybe I'm just not understanding the specifics of your proposed scenario.

Nate
