[154051] in North American Network Operators' Group
Re: How to fix authentication (was LinkedIn)
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Jun 22 10:26:30 2012
Date: Fri, 22 Jun 2012 07:25:29 -0700
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <CAL9jLaY91oURfGmX3jK2D5vQq=QLZzXWxHC0t2tSe=q=TgoPkg@mail.gmail.com>
<m2vcik6oz4.wl%randy@psg.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In a message written on Thu, Jun 21, 2012 at 04:48:47PM -1000, Randy Bush wrote:
> there are no trustable third parties
With a lot of transactions the second party isn't trustable, and
sometimes the first party isn't as well. :)
In a message written on Thu, Jun 21, 2012 at 10:53:18PM -0400, Christopher Morrow wrote:
> note that yubico has models of auth that include:
> 1) using a third party
> 2) making your own party
> 3) HOTP on token
> 4) NFC
>
> they are a good company, trying to do the right thing(s)... They also
> don't necessarily want you to be stuck in the 'get your answer from
> another'
Requirements of hardware or a third party are fine for the corporate
world, or sites that make enough money or have enough risk to invest
in security, like a bank.
Requiring hardware for a site like Facebook or Twitter is right
out. Does not scale, can't ship to the guy in Pakistan or McMurdo
who wants to sign up. Trusting a third party becomes too expensive,
and too big of a business risk.
There are levels of security here. I don't expect Facebook to take
the same security steps as my bank to move my money around. One
size does not fit all. Making it so a hacker can't get 10 million
login credentials at once is a quantum leap forward even if doing
so doesn't improve security in any other way.
The perfect is the enemy of the good.
-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/