LinkedIn password database compromised

Owen DeLong owen at delong.com
Thu Jun 7 19:24:00 UTC 2012


On Jun 6, 2012, at 11:14 PM, Aaron C. de Bruyn wrote:

> On Wed, Jun 6, 2012 at 8:34 PM, Jimmy Hess <mysidia at gmail.com> wrote:
>> Which digital id architecture should web sites implement, and what's
>> going to make them  all agree on one SSO system   and move from the
>> current state to one of the possible solutions though?  :)
>> 
>>        A TLS + Client-Side X.509 Certificate  for every user.
> 
> Heck no to X.509.  We'd run into the same issue we have right now--a
> select group of companies charging users to prove their identity.
> 

Not if enough of us get behind CACERT.

Non-profit organization providing free certificates based on web of trust
model.

http://www.cacert.org

For any of you in the bay area and/or who encounter me in my various
travels, I am a CACERT top-level notary.

Personally, I like the SSH model and simply giving the web-site your
public key at sign-up, but, there are issues with that as well...

If your private key is compromised, how do you notify all of the web-sites
that it needs to be revoked?

Owen
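
The revocation question raised in the message above, as an added example that is not part of the original post: each site keeps its own copy of the public key given at sign-up, so a key revoked at one site keeps working at any site that was never notified. The `Site` type, its methods, the user name and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Site is a hypothetical web site that stores each user's public key at sign-up.
type Site struct {
	keys    map[string]ed25519.PublicKey
	pending map[string][]byte // outstanding login challenge per user
}

func NewSite() *Site { return &Site{keys: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}} }

func (s *Site) SignUp(user string, pub ed25519.PublicKey) { s.keys[user] = pub }
// Revoke removes the key from this one site's records only.
func (s *Site) Revoke(user string) { delete(s.keys, user) }

// Challenge issues a fresh random nonce the client must sign.
func (s *Site) Challenge(user string) []byte {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	s.pending[user] = nonce
	return nonce
}

// Login checks the signature over the outstanding challenge (single use).
func (s *Site) Login(user string, sig []byte) bool {
	nonce, issued := s.pending[user]
	delete(s.pending, user)
	pub, known := s.keys[user]
	return issued && known && ed25519.Verify(pub, nonce, sig)
}

// Demo: the key is revoked at site A but site B was never notified.
func Demo() (acceptedAtA, acceptedAtB bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	a, b := NewSite(), NewSite()
	a.SignUp("alice", pub)
	b.SignUp("alice", pub)
	a.Revoke("alice")
	acceptedAtA = a.Login("alice", ed25519.Sign(priv, a.Challenge("alice")))
	acceptedAtB = b.Login("alice", ed25519.Sign(priv, b.Challenge("alice")))
	return
}

func main() { fmt.Println(Demo()) }
```

Without a shared revocation channel, the number of sites that must be contacted grows with every sign-up, which is the gap the message points to.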




