Cryptosmith

I received an e-mail from a mutual friend named Jim Burrows who was decrying the state of information security, blaming it on the lack of good models for solving modern security problems. I have to agree, and I admit I don’t have a glib answer.

A few weeks back, Gunnar Peterson posted some comments relevant to this discussion of modern security policy, but I haven’t managed to frame response to that one, either.

At least, I can agree that traditional models are broken. I believe there are some fundamentals that remain constant, but the high level attempt to build firewalled enclaves is clearly obsolete (except for a very few special situations). Continue Reading »

Posted under Security | 3 Comments »

Thanks to Gary Krall, tech director of PIP at Verisign, I have a recipe for “works every time” OpenID delegation with their free PIP service. First, what is OpenID delegation?

Delegation lets you use your very own URL as your identity URL for logging in with OpenID. For example, I can use http://www.cryptosmith.com/ to log in to web sites. To do this, you have to provide some special statements (a.k.a. magic) in your HTTP files that redirects the OpenID process from your web site to the service that actually does your OpenID authentication.

Continue Reading »

Posted under Security | 1 Comment »

Thanks to the help of Will Norris, one of the authors of the WordPress OpenID plugin, I’ve managed to get it to work. I will include some notes on using OpenID in a permanent page.

Posted under Security & WordPress | No Comments »

Note that OpenID now works on Cryptosmith. Continue Reading »

Posted under Security | 1 Comment »