IRC log of dig on 2012-04-19
Timestamps are in UTC.
- 01:17:09 [scor]
- scor (~scor@drupal.org/user/52142/view) has joined #dig
- 02:05:29 [scor]
- scor has quit (Quit: scor)
- 02:46:23 [deiu]
- deiu (~andrei@evr91-8-88-182-116-22.fbx.proxad.net) has joined #dig
- 02:46:23 [deiu]
- deiu has quit (Changing host)
- 02:46:23 [deiu]
- deiu (~andrei@unaffiliated/deiu) has joined #dig
- 02:58:04 [deiu]
- deiu has quit (Ping timeout: 252 seconds)
- 04:28:39 [rszeno]
- rszeno has quit (Quit: Leaving.)
- 06:46:09 [bblfish]
- bblfish (~bblfish@hote-73-31.cccl.www2012.org) has joined #dig
- 06:46:24 [bblfish_]
- bblfish_ (~bblfish@hote-73-31.cccl.www2012.org) has joined #dig
- 07:26:55 [bblfish_]
- bblfish_ has quit (Remote host closed the connection)
- 07:26:55 [bblfish]
- bblfish has quit (Quit: bblfish)
- 07:41:54 [deiu]
- deiu (~andrei@unaffiliated/deiu) has joined #dig
- 07:58:41 [bblfish]
- bblfish (~bblfish@hote-73-31.cccl.www2012.org) has joined #dig
- 07:58:57 [bblfish_]
- bblfish_ (~bblfish@hote-73-31.cccl.www2012.org) has joined #dig
- 08:10:14 [bblfish]
- bblfish has quit (Remote host closed the connection)
- 08:10:15 [bblfish_]
- bblfish_ has quit (Quit: bblfish_)
- 08:58:28 [danbri]
- danbri has quit (Read error: Connection reset by peer)
- 08:58:49 [danbri]
- danbri (~danbri@cable-146-255-148-108.dynamic.telemach.ba) has joined #dig
- 09:23:39 [bblfish]
- bblfish (~bblfish@hote-92-90.cccl.www2012.org) has joined #dig
- 09:23:54 [bblfish_]
- bblfish_ (~bblfish@hote-92-90.cccl.www2012.org) has joined #dig
- 09:42:21 [melvster]
- melvster (~melvin@p4FF97D79.dip.t-dialin.net) has joined #dig
- 10:05:32 [cheater_]
- cheater_ (~cheater@g229022227.adsl.alicedsl.de) has joined #dig
- 10:08:46 [cheater]
- cheater has quit (Ping timeout: 276 seconds)
- 10:15:53 [deiu]
- deiu has quit (Remote host closed the connection)
- 10:17:33 [deiu]
- deiu (~andrei@unaffiliated/deiu) has joined #dig
- 10:17:40 [deiu]
- deiu has quit (Read error: Connection reset by peer)
- 10:17:49 [deiu]
- deiu (~andrei@157.159.103.120) has joined #dig
- 10:17:49 [deiu]
- deiu has quit (Changing host)
- 10:17:49 [deiu]
- deiu (~andrei@unaffiliated/deiu) has joined #dig
- 10:21:52 [bblfish_]
- bblfish_ has quit (Quit: bblfish_)
- 10:21:52 [bblfish]
- bblfish has quit (Remote host closed the connection)
- 10:32:55 [bblfish]
- bblfish (~bblfish@hote-92-90.cccl.www2012.org) has joined #dig
- 10:33:06 [bblfish_]
- bblfish_ (~bblfish@hote-92-90.cccl.www2012.org) has joined #dig
- 10:33:41 [bblfish_]
- bblfish_ has quit (Client Quit)
- 10:33:41 [bblfish]
- bblfish has quit (Remote host closed the connection)
- 11:19:51 [rszeno]
- rszeno (~rszeno@79.114.102.201) has joined #dig
- 11:23:46 [RalphS]
- RalphS (Ralph@30-7-118.wireless.csail.mit.edu) has joined #dig
- 12:01:05 [bblfish]
- bblfish (~bblfish@hote-95-33.cccl.www2012.org) has joined #dig
- 12:01:11 [bblfish_]
- bblfish_ (~bblfish@hote-95-33.cccl.www2012.org) has joined #dig
- 12:42:19 [bblfish_]
- bblfish_ has quit (Remote host closed the connection)
- 12:42:20 [bblfish]
- bblfish has quit (Quit: bblfish)
- 12:46:48 [bblfish]
- bblfish (~bblfish@hote-95-33.cccl.www2012.org) has joined #dig
- 12:47:03 [bblfish_]
- bblfish_ (~bblfish@hote-95-33.cccl.www2012.org) has joined #dig
- 12:57:30 [scor]
- scor (~scor@drupal.org/user/52142/view) has joined #dig
- 13:41:29 [timbl]
- timbl (~timbl@212.180.75.100) has joined #dig
- 13:43:11 [bblfish]
- bblfish has quit (Quit: bblfish)
- 13:43:11 [bblfish_]
- bblfish_ has quit (Remote host closed the connection)
- 13:45:25 [mhausenblas]
- mhausenblas (~mhausenbl@wlan-nat.fwgal01.deri.ie) has joined #dig
- 14:12:24 [bblfish]
- bblfish (~bblfish@hote-95-33.cccl.www2012.org) has joined #dig
- 14:12:44 [bblfish_]
- bblfish_ (~bblfish@hote-95-33.cccl.www2012.org) has joined #dig
- 14:31:20 [bblfish]
- bblfish has quit (Remote host closed the connection)
- 14:31:20 [bblfish_]
- bblfish_ has quit (Quit: bblfish_)
- 14:33:48 [bblfish]
- bblfish (~bblfish@hote-95-33.cccl.www2012.org) has joined #dig
- 14:34:05 [bblfish_]
- bblfish_ (~bblfish@hote-95-33.cccl.www2012.org) has joined #dig
- 14:46:20 [danbri]
- danbri has quit (Read error: Connection reset by peer)
- 14:46:30 [danbri]
- danbri (~danbri@cable-146-255-148-108.dynamic.telemach.ba) has joined #dig
- 15:11:22 [mhausenblas]
- mhausenblas has quit (Quit: brb)
- 15:50:09 [bblfish_]
- bblfish_ has quit (Remote host closed the connection)
- 15:50:10 [bblfish]
- bblfish has quit (Quit: bblfish)
- 15:50:49 [timbl]
- timbl has quit (Quit: timbl)
- 16:22:14 [timbl]
- timbl (~timbl@212.180.75.100) has joined #dig
- 16:36:18 [melvster]
- Deiu: http://builtwithbootstrap.com/post/21382991947/movuca-a-social-network-and-cms-platform-movuca
- 16:54:58 [scor]
- scor has quit (Quit: scor)
- 18:39:59 [presbrey]
- http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
- 18:40:21 [presbrey]
- "This error can be exploited
- 18:40:22 [presbrey]
- on systems that parse untrusted data, such as X.509 certificates or RSA public
- 18:40:22 [presbrey]
- keys..."
- 18:41:10 [presbrey]
- beware WebID implementors; we inherit an insecure platform!
- 18:44:26 [presbrey]
- found by good old Google :)
- 18:48:41 [presbrey]
- interesting as they also write: http://www.browserauth.net/tls-client-authentication
- 18:49:13 [presbrey]
- melvster, are we already in contact with browserauth.net google guys?
- 18:49:49 [melvster]
- let me look
- 18:51:00 [presbrey]
- "TLS Client Authentication, in its current form, cannot be used to authenticate users on the web. Reasons range from privacy issues to usability issues to practical problems with the way large datacenters tend to be set up. Instead, we propose to use Origin-Bound Certificates to authenticate TLS clients and to channel-bind HTTP cookies to TLS channels."
- 18:51:57 [presbrey]
- these Origin-Bound Certificates sound like the natural platform for WebID
- 18:52:22 [presbrey]
- http://www.browserauth.net/origin-bound-certificates
- 18:52:33 [presbrey]
- "An Origin-Bound Certificate (OBC) is a self-signed certificate that the browser uses to perform TLS Client Authentication. Unlike normal certificates, and their use in TLS Client Authentication, origin-bound certificates do not require any interaction with the user"
- 18:52:38 [melvster]
- Dirk Balfanz seems to be on some of the openid mail lists
- 18:53:10 [melvster]
- I suspect we've been in touch, perhaps tangentially
- 18:53:21 [melvster]
- but thanks for the link ... I'll look in more detail
- 18:53:48 [melvster]
- I'll add it to the rww wiki too
- 18:53:53 [presbrey]
- I think they might push this with SPDY
- 18:54:23 [presbrey]
- no path for SAN though: "If the client doesn't have a suitable certificate for the server it is connecting to, it will create a new self-signed certificate. The certificate itself does not include any information about the user..."
- 18:55:43 [melvster]
- ah interesting
- 20:00:20 [presbrey]
- ofc this may be a good path to drop X509 too
- 20:00:50 [presbrey]
- I think webid can be rebuilt atop the TLS-OBC channel-bound cookies
- 20:10:53 [presbrey]
- simply by adding cert:origin
- 20:20:07 [RalphS]
- RalphS has quit ()
- 20:53:36 [danbri_]
- danbri_ (~danbri@cable-146-255-148-108.dynamic.telemach.ba) has joined #dig
- 20:56:15 [danbri]
- danbri has quit (Read error: Connection reset by peer)
- 21:44:46 [danbri]
- danbri (~danbri@cable-146-255-148-108.dynamic.telemach.ba) has joined #dig
- 21:44:59 [danbri_]
- danbri_ has quit (Read error: Connection reset by peer)
- 23:22:54 [melvster]
- melvster has quit (Ping timeout: 260 seconds)