Comments on: Authentication through blogs http://www.eire.com/2003/authentication-through-blogs/ Government, Infrastructure, Business Mon, 07 Nov 2011 07:06:19 +0000 hourly 1 By: Kevin Marks http://www.eire.com/2003/authentication-through-blogs/comment-page-1/#comment-2592 Kevin Marks Wed, 30 Nov -0001 00:00:00 +0000 http://www.eire.com/wordpress/?p=26#comment-2592 This is trusting the commenters client software to authenticate the commenter. As he owns it, this is about as reliabel as trusting SMTP headers. This is trusting the commenters client software to authenticate the commenter. As he owns it, this is about as reliabel as trusting SMTP headers.

]]> By: Antoin O Lachtnain http://www.eire.com/2003/authentication-through-blogs/comment-page-1/#comment-2593 Antoin O Lachtnain Wed, 30 Nov -0001 00:00:00 +0000 http://www.eire.com/wordpress/?p=26#comment-2593 That's not correct! This scheme depends on the commenter's blog software to authenticate the commenter. The browser itself does not perform the authentication. That’s not correct! This scheme depends on the commenter’s blog software to authenticate the commenter. The browser itself does not perform the authentication.

]]> By: michael http://www.eire.com/2003/authentication-through-blogs/comment-page-1/#comment-2594 michael Wed, 30 Nov -0001 00:00:00 +0000 http://www.eire.com/wordpress/?p=26#comment-2594 yes, but the commenter is still in control of his blgoging software and as such able to manipulate it. yes, but the commenter is still in control of his blgoging software and as such able to manipulate it.

]]> By: Antoin O Lachtnain http://www.eire.com/2003/authentication-through-blogs/comment-page-1/#comment-2595 Antoin O Lachtnain Wed, 30 Nov -0001 00:00:00 +0000 http://www.eire.com/wordpress/?p=26#comment-2595 But surely that's the whole point! You can check for sure that he is in fact the person who owns the blog and not someone else pretending to be him. But surely that’s the whole point! You can check for sure that he is in fact the person who owns the blog and not someone else pretending to be him.

]]> By: Niall O'Reilly http://www.eire.com/2003/authentication-through-blogs/comment-page-1/#comment-2596 Niall O'Reilly Wed, 30 Nov -0001 00:00:00 +0000 http://www.eire.com/wordpress/?p=26#comment-2596 What you're suggesting, Antoin, is very like the authentication method used in the LSoft LISTSERV. It was probably some time in the late eighties that Eric Thomas implemented it. It still works. The "transport" is just e-mail. Cookie-based browser-mediated authentication has been added since, but the more sensitive transactions (changing the password, for example) use e-mail as an "out-of-band" channel. By offering a variety of both methods and transports, ppl with a less sophisticated infrastructure (no blog of their own, or whatever) can be accommodated. This is analogous to the variety of options PAM provides. Of course, TANSTAAFL: the software is more complex. I wonder why the RIPE DB comes to mind ... What you’re suggesting, Antoin, is very like
the authentication method used in the LSoft
LISTSERV. It was probably some time in the
late eighties that Eric Thomas implemented it.
It still works. The “transport” is just e-mail.
Cookie-based browser-mediated authentication
has been added since, but the more sensitive
transactions (changing the password, for example)
use e-mail as an “out-of-band” channel.
By offering a variety of both methods and transports, ppl with a less sophisticated
infrastructure (no blog of their own, or whatever)
can be accommodated. This is analogous to the
variety of options PAM provides. Of course, TANSTAAFL: the software is more complex. I wonder why the RIPE DB comes to mind …

]]> By: Antoin O Lachtnain http://www.eire.com/2003/authentication-through-blogs/comment-page-1/#comment-2597 Antoin O Lachtnain Wed, 30 Nov -0001 00:00:00 +0000 http://www.eire.com/wordpress/?p=26#comment-2597 Well, it's not quite like that ... this authentication has a peculiar triangular quality to it. Maybe this (slightly fuzzy) diagram illustrates it a bit better. Just follow the numbers and you'll be able to understand it: Obviously, this all depends on the remote blogserver trusting the home blogserver to authenticate the person. But why not trust them? It's a few blog posts we're trying to authenticate here. We're not defending Fort Knox. The idea is to build the simplest thing that might possibly work. Well, it’s not quite like that … this authentication has a peculiar triangular quality to it.

Maybe this (slightly fuzzy) diagram illustrates it a bit better. Just follow the numbers and you’ll be able to understand it:

Obviously, this all depends on the remote blogserver trusting the home blogserver to authenticate the person. But why not trust them? It’s a few blog posts we’re trying to authenticate here. We’re not defending Fort Knox. The idea is to build the simplest thing that might possibly work.

]]> By: Brian White http://www.eire.com/2003/authentication-through-blogs/comment-page-1/#comment-2598 Brian White Wed, 30 Nov -0001 00:00:00 +0000 http://www.eire.com/wordpress/?p=26#comment-2598 Well, it has just come out in the last week that MS passport is really easy to break into. JUst a warning to everybody! Microsoft have been lax on security again. Their potential penalty in the states for this is in the billioons of dollars. Dont use passport. Credit card numbers can easily be obtained from it. Really you shouldnt be using windows either! Microsoft is a us company who have secret back doors to windows. Some of them are for the companys own use. (To see what competitor software you have, And a security expert here in Victoria suggested that (as part of the secret deal microsoft did after 911), that other back doors were given to the us government. (and a keystroke logger dutifully reports back telling them every move u make! I use opera as my browser under linux. And it reports that 2 scripts are trying to read my passwords, every time I log in anywhere! Now, if the bad guys get that back door info, all your info is easy to grab! The best way to autentication is several platforms. Not just windows. The autentication method must be cross platform. The main opperating systems out there are windows, solaris, linux (in its varietys) mandrake from france, Suse from germany and perhaps an irish one too, symbian ad palm. We should be using a variety of them for security reasons as well as commercial ones. Brian white Well, it has just come out in the last week that MS passport is really easy to break into. JUst a warning to everybody! Microsoft have been lax on security again. Their potential penalty in the states for this is in the billioons of dollars. Dont use passport. Credit card numbers can easily be obtained from it. Really you shouldnt be using windows either! Microsoft is a us company who have secret back doors to windows. Some of them are for the companys own use. (To see what competitor software you have, And a security expert here in Victoria suggested that (as part of the secret deal microsoft did after 911), that other back doors were given to the us government. (and a keystroke logger dutifully reports back telling them every move u make! I use opera as my browser under linux. And it reports that 2 scripts are trying to read my passwords, every time I log in anywhere! Now, if the bad guys get that back door info, all your info is easy to grab! The best way to autentication is several platforms. Not just windows. The autentication method must be cross platform. The main opperating systems out there are windows, solaris, linux (in its varietys) mandrake from france, Suse from germany and perhaps an irish one too, symbian ad palm. We should be using a variety of them for security reasons as well as commercial ones.
Brian white

]]> By: Blood Pressure http://www.eire.com/2003/authentication-through-blogs/comment-page-1/#comment-2638 Blood Pressure Wed, 30 Nov -0001 00:00:00 +0000 http://www.eire.com/wordpress/?p=26#comment-2638 <strong>blood pressure monitors</strong> blood pressure monitors

]]>