On Monday 06 April 2009 17:04:02 Jan Zerebecki wrote:
I read a bit about OpenID security issues and from that it seems that OpenID is more secure than what we currently use if the Relying Party (the website that wants to authenticate a user, i.e. winehq.org) and the OpenID Provider get their implementation right (i.e. I have not found any security bug in the spec itself). The downside is that there is one more party that can be compromised, the upside is that this party is usually the hardest to compromise and that it ensures that some attacks don't work on the other two parties (that previously worked).
I may be wrong, so please correct me.
I see the attack scenario where someone stole an OpenID user's identity and is now using that to do bad things on the Wine sites.
Also, the flaw I see in the OpenID spec is that they're not requiring the use of SSL, but you decided to not allow the MITM attack against the DH exchange as an argument. So all I can say is that while all the points I could raise are invalidated by your exclusion, I don't like the OpenID design and don't want to support it. There are good password safe programs available for people who don't want to remember their logins for multiple sites. That should be good enough.
Kai