Domain: verisignlabs.com
Stories and comments across the archive that link to verisignlabs.com.
Comments · 15
-
Re:Broken DNSSEC
If only it were that easy to get rid of bennet hasselton posts, but alas, he can still access slashdot even though it has the same errors.
http://dnssec-debugger.verisig...
It was a valiant guess though.
-
Re:Password manager?
https://pip.verisignlabs.com/
Passwords can be stored encrypted and online with 2-factor for access with Symantec Personal Identity Portal. The 2-factor was the point at which I became willing to store the passwords online. Sorry if it's spammy, but it's a free product that works well for me. Online encrypted storage, second factor token software.I don't necessarily trust Symantec, and half expect them to discontinue this in the most inconvenient way possible, but it works for me for now.
-
Re:Thank god you're reading slashdot
And/or I think you're claiming that alternative SSO systems could be worse, but I'm claiming its already as bad as it can be. Unless I summarized you wrong, there's probably nothing else to do but civilly agree to disagree and wish you a happy day.
Authentication and SSO are the new horizon in Internet rentier economy, the only thing that'll keep consumers on an equal footing are rules for what information can and cannot be collected, and rules requiring everyone have equal access.
Don't know about GOOG and Facebook, but I've done SSL business with Verisign a few times in the past, and all they wanted for SSL certs was cold hard cash.
Verisign has a good business but it also is skating for where the puck will be.
-
Re:What bothers me about OpenID.
The idea is dumb, it does put your eggs all in one basket because once someone has your login credentials they have your whole online identity.
If I found out Richard Stallman's openID usr/pass I could create an account on slashdot and post shit and people would think I am him because I am using his openID identity.
That's what is so damaging about it. Not only does it give a black hat login access to your personal information all over the internet, but it also allows you to create new information under the guise of someone else potentially ruining a person's life.
The above shows off OpenID's biggest weakness. Which is not the "all your eggs in one basket" as the poster alludes to, but rather the phenomenally poor marketing of OpenID. OpenID's web page pretty much sucks in explaining the technologies strengths. The biggest strength is that you don't have to have a static username/password. All the following are valid ways to authenticate with OpenID
- RSA Tokens
- Yubi Keys"
- SMS Texting (The authentication server generates a random string and sends it to a phone via sms. It has the added benefit that you know when someone is trying to access your account.
- A system that uses Perfect paper passwords
- A system that takes an image from your digital photo collection and asks who took it
- A system that asks you to solve a word problem
- Whatever else you can come up with
In addition, the system can be set up so that you can have a list of "high security" sites (ie: a bank) where you have to answer a different set of questions/use a different authenticator then your normal everyday blog site.
-
Re:What bothers me about OpenID.
You clearly have absolutely no idea how OpenID works at all.
The centralization occurs at your OpenID provider, who would be the likes of VeriSign
You do not trust each OpenID consumer. -
...but what *are* they?
I googled around earlier to try to determine whether these are VeriSign VIP devices. If so, that'd be great -- they'd interoperate with PayPal and eBay and VeriSign's OpenID provider and anyone else who either supports OpenID or signs up for VeriSign's program.
Making tech-happy people carry around more than one OTP device would be a real shame, so I'll be disappointed if more word on these comes out and it turns out that they don't interoperate.
-
Re:I can build an atomic weapon with a paper clipUnless you're talking about active encryption on the customer card, encrypting the data on the mag stripe won't help. I'd still be able to replay the mag stripe contents to get a valid auth; the only difference would be that I couldn't read it in plain text.
My ideal solution would be to have crypto built in to the card like the $5 Paypal security fobs. BTW, they work at paypal, eBay, and for Verisign's openID offering. Sweet! -
Verisign Has Similar Offering Via Paypal
Paypal has been offering tokens for a while now (for $5). And they work with Verisign's Personal Identity Provider service.
So for $5 you can get a little "football" of a token that will work as an OpenID login for any site that supports open ID.
-
Anything like verasigns pip?
I believe this already exists with verasigns pip https://pip.verisignlabs.com/ . In this you have a hardware key that rotates it's numbers every 30 seconds.
-
Re:Secure?
Also, there is one 'higher class' authentication layer implemented already, mentioned on episode 107 of security now podcast http://www.grc.com/securitynow.htm :
Verisign has an OpenID implementation, https://pip.verisignlabs.com/, with a plugin for firefox that makes it easy to manage signing into sites.
Verisign's implementation is already behind the paypal and ebay security fobs, and if you get a pip account, you can buy one and use it for secure authentication everywhere. They cost $30 from verisign, but only $5 from paypal: http://paypal.com/securitykey -
Re:Nice in theory...
-
Re:I've always liked the IDEA of OpenID
EastMedia (my company) built an OSS reference implementation in Ruby (and Rails) for VeriSign. You can see it running at http://pip.verisignlabs.com./ This project also helped sponsor some of the development of the well-known Ruby Web server Mongrel (http://mongrel.rubyforge.org), and the app underwent a non-trivial amount of security and performance testing. The application was released into OSS via the Apache Heraldry project in the fall of 2006. We also built a Rails plugin so you can OpenID-enable your own applications. If Ruby/Rails isn't your thing, JanRain builds excellent OpenID libraries in many popular languages, specifically to make it easy to implement your own apps without worrying about the implementation requirements of the wire protocol. More info is available at: Rails OpenID Server: http://identity.eastmedia.com/identity/show/Rails
+ OpenID+Server Rails Consumer Plugin: http://identity.eastmedia.com/identity/show/Consum er+Plugin More Info: http://identity.eastmedia.com/ Matt -
Re:Overly complicated
Cortana: Check out this link:
http://www.openidenabled.com/openid/use-your-own-u rl-as-an-openid
It allows you to use LiveJournal, the PIP or MyOpenID and your own domain.
If you want to run your own library, there is a PHP server out there:
http://www.openidenabled.com/openid/php-standalone -openid-server -
Re:I've always liked the IDEA of OpenID
PIP is quite complete.
-
Re:Ted, meet wikipedia
Exactly because they're grafted on top of the WWW architecture instead of being designed in from the start, no?
Either that, or it's simply a difficult problem that couldn't be designed into WWW from the start because there was no good solution.
Trackbacks aren't terribly CPU- or network-demanding in many cases (though note that weblogs.com has very high requirements). But there's still the trust / spam problem with them. That you're basically allowing anyone to add links to your webpage. That's fine if you have an army of people to comb through every single addition, but in cases where individual users don't want to monitor their trackbacks 24/7, it may not be a good thing.