Comments on: Authentication Requires Trust

By: chobas.com’s blog » I really don’t know what to title this one

chobas.com’s blog » I really don’t know what to title this one — Mon, 26 Feb 2007 05:09:09 +0000

[…] get it and how it’s the latest meme and the fashionable fad. And I was going to cite this’s guys post. But then he reneged on his stance and wrote this. There remains something that I don’t like […]

By: I Got BlueBoxed!

I Got BlueBoxed! — Thu, 04 Jan 2007 01:04:17 +0000

[…] A recent post of mine got mentioned on the Blue Box VoIP Security Podcast (specifically on Episode #48)! Hm… I might have to listen to start listening to this podcast. […]

By: Blue Box: The VoIP Security Podcast

Blue Box: The VoIP Security Podcast — Thu, 04 Jan 2007 00:20:52 +0000

Blue Box #48: The Crystal Ball Edition - Top VoIP Security issues of 2006 and predictions for 2007, Skype worm that wasn’t, drive-by SPIT, OpenID, poking holes in firewalls, listener comments and more……

Synopsis: The Crystal Ball Edition - Top VoIP Security issues of 2006 and predictions for 2007, Skype worm that wasn’t, drive-by SPIT, OpenID for SIP authentication, poking holes in firewalls, listener comments and more… Welcome to Blue Box: The VoI…

By: OpenID身份验证系统的可信性 at iF20:天真。天眞的我们必然幸福。

OpenID身份验证系统的可信性 at iF20:天真。天眞的我们必然幸福。 — Fri, 15 Dec 2006 16:06:11 +0000

[…] 但是PhoneBoy对这种认证服务的随意性与自由化产生怀疑，他在文章”Authentication Requires Trust“里面提到如何保证这种认证服务的可信性问题。中国有句古话叫“王婆卖瓜，自卖自夸”，同样的对于自主架设的OpenID认证服务器也是如此。如何保证你的验证所提供的信息是真实的，OpenID的运行机制并没有对此做出验证。相反，在OpenID的运行机制说明中，关于信任问题是如何描述的： This is not a trust system. Trust requires identity first. […]

By: Telepocalypse

Telepocalypse — Thu, 14 Dec 2006 20:28:14 +0000

Shut up, Martin!…

There seems to be considerable public demand, so I’ll explain why no amount of technology is going to make an open voice network appear. I’ve written about open vs. closed networks before a bit. We don’t have a comprehensive theory……

By: The PhoneBoy Blog » Eating My Words on OpenID

The PhoneBoy Blog » Eating My Words on OpenID — Thu, 14 Dec 2006 19:39:57 +0000

[…] Between a private email from Aswath and other posts on OpenID, I have reconsidered my opinion on this. It may not be such a bad thing after all. […]

By: Blog by Kveton » OpenID + VoIP == Good?

Blog by Kveton » OpenID + VoIP == Good? — Thu, 14 Dec 2006 17:32:08 +0000

[…] I happened upon a discussion about using OpenID for authenticating VoIP clients to one another that was sparked by this post posted by Martin Geddes. That was followed up by Aswath with a post describing how you could use OpenID to help assert your identity with VoIP calls. This was followed up by Phoneboy (not his real name, I *think* - heh) leading to a discussion about OpenID and its lack of trust. […]

By: OpenID: A possible identity mechanism for VoIP? -- Alec Saunders .LOG

OpenID: A possible identity mechanism for VoIP? -- Alec Saunders .LOG — Thu, 14 Dec 2006 13:59:40 +0000

[…] Holes? Well, as Phoneboy pointed out, there is no trusted authority required in the spec. But, according to the website, Verisign can provide that. Moreover, because it’s open and distributed, why couldn’t your employer, the local police station, your phone company or your church vouch for you? […]

By: Authentication | directory-financial.info

Authentication | directory-financial.info — Wed, 31 Dec 1969 16:00:00 +0000

Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. ).” i know that since we have a proxy server in our … Related: • ISA • server • authentication • failed • error Authentication Requires Trust While that?s fine and dandy from a lack of vendor lock-in point of view, from an authentication point of view, it?s horrible. What?s worse, is that there is no trust built into the model. Even the How This Works page at OpenID says it!