+* Updates
+
+ <b>Sep 20, 2001:</b> Microsoft has just announced some changes
+ to passport that are rather interesting. This document
+ reflects the Passport system without taking into account the
+ new changes.
+
+ Read about it <a href="http://www.microsoft.com/presspass/features/2001/sep01/09-20passport.asp">here</a>.
+
+ For an analysis of security problems with passport, check <a
+ href="http://avirubin.com/passport.html">http://avirubin.com/passport.html</a>.
+ The bottom line is that you should not put any sensitive
+ information on passport.
+
+ I have received many comments from people, and I have updated
+ the page accordingly. From removing incorrect statements, to
+ fixing typos, to include mentions to other software pieces.
+
+ I also corrected my statement about IIS and a trojan horse, I
+ should read a more educated press in the future. My apologies
+ to Microsoft and its employees on this particular topic. IIS
+ did not have a trojan horse built in.
+
* Microsoft Hailstorm and Passport
Microsoft Passport is a centralized database hosted by
** Passport
- Passport is important not because of it being breaktrough
+ Passport is important not because of it being a breakthrough
technologically speaking, but because the company is in a
position to drive most people toward being suscribers of it.
at the corporate level policy, but also the fact that
the source code for Microsoft products is not
available, means that trojans or worms could be built
- into the products by malicious engineers. This is not
- unheard of, as the <a
- href="http://slashdot.org/articles/00/04/14/0619206.shtml">Microsoft
- Internet Server</a> had a trojan horse built into that
- allowed anyone that knew about this to control any
- server running IIS.
+ into the products by malicious engineers.
+
+ Various government officials in non-US countries also
+ have a policy that no state sensitive information can
+ be held by foreign companies in foreign soil. A natural
+ matter of national security to some.
* <b>Security:</b> With a centralized system like
Passport, imagine the repercussions of a malicious
Hackers have already <a
href="http://slashdot.org/articles/00/10/27/1147248.shtml">broken
into Microsoft</a> in the past. And the company was
- unable to figure out for how long their systems had been hacked.
+ unable to figure out for how long their systems had
+ been hacked.
+
+ Security holes have been found in <a
+ href="http://slashdot.org/articles/00/04/14/0619206.shtml">IIS
+ in the past.</a> If all the world's data is stored on
+ a central location, when a single security hole is
+ detected, it would allow an intruder to install a
+ backdoor within seconds into the corporate network
+ without people ever noticing.
+
+ Microsoft itself has been recently hit by worms,
+ imagine if all your business depended on a single
+ provider for providing all or your authentication
+ needs
</ul>
Microsoft might or might not realize this. The idea behind
system should not create an internet `blackout' in the
case of failure.
+ A distributed system using different software
+ platforms and different vendors would be more
+ resistent to an attack, as holes in a particular
+ implementation of the server software would not affect
+ every person at the same time.
+
+ A security hole attack might not even be relevant to
+ other software vendors software.
+
* <b>Allow for multiple registrars:</b> Users should
be able to choose a registrar (their banks, local
- phone company, service provider, Swizz bank, or any
+ phone company, service provider, Swiss bank, or any
other entity they trust.
* <b>Mandate good security measures:</b> As a
possibility of replicating and caching public information
about the user.
- For instant messaging (another pieces of the Hailstorm bit),
+ For instant messaging (another piece of the Hailstorm bit),
you want to use a non-centralized system like Sun's <a
href="http://www.jxta.org">JXTA</a>. Some people mailed me to
- mention Jabber as a messaging platform. Jabber suffers from
- the same problems that a centralized Passport has. If you
- want to do things right, you want to start with a fully
- distributed system.
+ mention Jabber as a messaging platform and other people
+ pointed out to the <a
+ href="http://java.sun.com/products/jms/">Java Message
+ Service</a>. The JMS does support a number of very
+ interesting features that are worth researching.
It could also just use the user e-mail address as the `key' to
choose the registrar (msn.com, hotmail.com -> passport.com;
figure out the details and the possible insecure pieces of a
proposal like this.
+** Implementation: In short
+
+ To keep it short: <b>DNS, JXTA, xmlStorage.</b>
+
+
** Deploying it
The implementation of such a system should be a pretty
- straightforward tasks once security cryptographers have
+ straightforward task once security cryptographers have
designed such a beast.
The major problems are:
laws to be passed in the US that eliminated most of
the rights people had.
- * <b>The industry will move way to slow:</b>
+ * <b>The industry will move way too slow:</b>
Microsoft's implementation is out in the open now: it
is being deployed, and soon it will be insinuated to
many, many users. The industry needs to get together
** Passport and Mono
- The .NET class libraries includes a Passport class that
+ The .NET class libraries include a Passport class that
applications might use to authenticate with Passport. Since
we do not have information at this point on the exact protocol
of Passport, it is not even feasible to implement it.
Currently, we are too far from the point where this is a real
issue.
+** Passport and endangering Open Source.
+
+ A few people have said: `Mono will allow Passport to be
+ available for Linux and that is bad'. This is plain
+ misinformation.
+
+ Currently, you can obtain Passport for Linux from Microsoft
+ itself and deploy it today on your Web server. Mono does not
+ even enter the picture here. Go to passport.com and download
+ the toolkit and you will see with your own eyes that passport
+ is <B>already</b> available for Linux.
+
** Disclaimer
This is just a group of personal thoughts of mine that I have
The views of this page are not a statement from my employer
(Ximian, Inc).
+ This is not part of Mono. We are not trying to deal with this
+ problem.
+
Nat Friedman (Ximian's co-founder) has his own ideas on how a
competing system to Passport could be designed, but I will let
- <a href="http://www.nat.org">him</a> post his own story.
+ <a href="http://www.nat.org/">him</a> post his own story.
+
+** Other Passport Comments
+
+ An interesting study on the security of passport is available at: <a
+ href="http://avirubin.com/passport.html">http://avirubin.com/passport.html</a>
+
+** Other Alternatives
+
+ Some people have pointed out <a
+ href="http://www.xns.org">XNS</a>
+
+Send comments to me: Miguel de Icaza (<a
+ href="mailto:miguel@ximian.com">miguel@ximian.com</a>)
-Send comments to me: Miguel de Icaza (<a href="mailto:miguel@ximian.com">miguel@ximian.com</a>)
\ No newline at end of file