nanog mailing list archives
Re: LinkedIn password database compromised
From: Joe Maimon <jmaimon () ttec com>
Date: Fri, 08 Jun 2012 17:32:51 -0400
David Walker wrote:
Self signed certificates does sound great and for most purposes, certainly in this case, fulfills all the requirements. There's no need to verify anything about me is correct other than to tie my authentication to my account. If I fail to meet the TOS then the plug is easily pulled and any further activity can be dealt with as it currently is by other means. I think there's enough risk in bringing in a CA and so little advantage that it's wrong.
If LinkedIn or facebook or any large social site were to implement x509, they would be silly not to cast themselves as the trusted root.
a) its better than self signed b) now they are an x509 identify provider
Current thread:
- Re: How to fix authentication (was LinkedIn), (continued)
- Re: How to fix authentication (was LinkedIn) AP NANOG (Jun 22)
- Re: How to fix authentication (was LinkedIn) Leo Bicknell (Jun 22)
- Re: How to fix authentication (was LinkedIn) Kyle Creyts (Jun 23)
- Re: How to fix authentication (was LinkedIn) AP NANOG (Jun 25)
- Re: LinkedIn password database compromised Rich Kulawiec (Jun 21)
- Re: LinkedIn password database compromised Dave Hart (Jun 21)
- Re: LinkedIn password database compromised Robert Bonomi (Jun 22)
- Re: LinkedIn password database compromised AP NANOG (Jun 22)
- RE: LinkedIn password database compromised Keith Medcalf (Jun 23)
- Re: LinkedIn password database compromised Joe Maimon (Jun 08)