nanog mailing list archives

Re: LinkedIn password database compromised

From: Joe Maimon <jmaimon () ttec com>
Date: Fri, 08 Jun 2012 17:32:51 -0400



David Walker wrote:

Self signed certificates does sound great and for most purposes,
certainly in this case, fulfills all the requirements. There's no need
to verify anything about me is correct other than to tie my
authentication to my account. If I fail to meet the TOS then the plug
is easily pulled and any further activity can be dealt with as it
currently is by other means. I think there's enough risk in bringing
in a CA and so little advantage that it's wrong.

If LinkedIn or facebook or any large social site were to implement x509,they would be silly not to cast themselves as the trusted root.


a) its better than self signed

b) now they are an x509 identify provider

Current thread:

Re: How to fix authentication (was LinkedIn), (continued)
- - - Re: How to fix authentication (was LinkedIn) AP NANOG (Jun 22)
    - Re: How to fix authentication (was LinkedIn) Leo Bicknell (Jun 22)
    - Re: How to fix authentication (was LinkedIn) Kyle Creyts (Jun 23)
    - Re: How to fix authentication (was LinkedIn) AP NANOG (Jun 25)
    - Re: LinkedIn password database compromised Rich Kulawiec (Jun 21)
    - Re: LinkedIn password database compromised Dave Hart (Jun 21)
    - Re: LinkedIn password database compromised Robert Bonomi (Jun 22)
    - Re: LinkedIn password database compromised AP NANOG (Jun 22)
    - RE: LinkedIn password database compromised Keith Medcalf (Jun 23)
- Re: LinkedIn password database compromised David Walker (Jun 07)
  - Re: LinkedIn password database compromised Joe Maimon (Jun 08)