Comments on: Issues with a FOAF-based Authentication System

By: Henry Story

Henry Story — Sat, 06 Sep 2008 06:18:33 +0000

Find me a protocol that is not open to user stupidity? Have you ever tried to doing internet transactions? They ask you for the number on a credit card. Something the credit vendor could then just reuse and make a sale elsewhere… So my point is that in so far as your problem is real, it applies to all protocols.

By: Pipian

Pipian — Fri, 05 Sep 2008 21:53:12 +0000

You’re absolutely right that this is a social problem, but many individuals may be leaving the keys in the hands of some ‘trustworthy company,’ not unlike how we trust the credit card companies, merchant services, vendors, and banks to all keep the keys locked up tight so that the other four don’t end up losing money due to fraud. The problem isn’t necessarily that users aren’t secure as opposed to not necessarily having the option to BE secure for various reasons (say, LiveJournal users using their FOAF export). Furthermore, unlike the key examples, this isn’t a threat to just the client, but also to the server relying on the correct individual at the other end. If Bob has been granted wide-access on a service by a company, and his web host of choice gets hacked with a zero-day exploit, it may actually put the company at risk as much as Bob, even though Bob took proper precautions.

Granted, a private key can assist this, but the fact remains that FOAF+SSL requires the FOAF file to have the correct signature. Just because Bob uses a USB key doesn’t mean that someone can’t hack the FOAF file to point to their OWN key’s signature, so as to gain access to Bob’s account.

By: Henry Story

Henry Story — Fri, 05 Sep 2008 18:05:51 +0000

Well of course if you leave the keys to your house under the door mat, anyone can come in and answer your telephone calls. Clearly this is not a problem with the key, this is a problem with how people make use of the key. Similarly if you have an army to protect your country, but they don’t guard the frontier, then people can invade easily. That’s not a problem with the army, but with how they are trained. Similarly in this case. If people don’t protect their passwords giving access to their web server, then that does not say anything about the protocol, just that people are ignorant of security. This problem can’t be solved by changing the protocol therefore, but has to be changed in other ways, either by education, or by making it very difficult for people to loose their information.

You can improve the security of a web server dramatically by only allowing access via SSL, and having SSL get its key from a USB key containing an impossible to remove private key that would encrypt the communication. This costs hardly anything nowadays. If someone looses their key, they would notice it and be able to call the alarm. You can make things more secure still quite easily. It is just a matter for these services to be rolled out. Furthermore that could be the same key your browser uses to encrypt the foaf+ssl connection in that protocol.

In the case of OpenId, which is more complicated, there are more places of failure, and so more ways for things to go wrong. That is a problem for it. But you also have to see how things stand at present, with people giving out their passwords to gmail to facebook in order to export easily their social network. And as far as that goes, openid is already a big improovement.