[153496] in North American Network Operators' Group
Re: LinkedIn password database compromised
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Jun 7 15:26:37 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAEE+rGq3bmL=aTW0ZQpybsircnNbLzVpvuAm5diLcoa2yFfWYg@mail.gmail.com>
Date: Thu, 7 Jun 2012 12:24:00 -0700
To: "Aaron C. de Bruyn" <aaron@heyaaron.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 6, 2012, at 11:14 PM, Aaron C. de Bruyn wrote:
> On Wed, Jun 6, 2012 at 8:34 PM, Jimmy Hess <mysidia@gmail.com> wrote:
>> Which digital id architecture should web sites implement, and what's
>> going to make them all agree on one SSO system and move from the
>> current state to one of the possible solutions though? :)
>>
>> A TLS + Client-Side X.509 Certificate for every user.
>
> Heck no to X.509. We'd run into the same issue we have right now--a
> select group of companies charging users to prove their identity.
>
Not if enough of us get behind CACERT.

Non-profit organization providing free certificates based on web of trust
model.

http://www.cacert.org

For any of you in the bay area and/or who encounter me in my various
travels, I am a CACERT top-level notary.

Personally, I like the SSH model and simply giving the web-site your
public key at sign-up, but, there are issues with that as well...

If your private key is compromised, how do you notify all of the web-sites
that it needs to be revoked?

Owen