Risks of Microsoft Passport
Steve Schear
schear at lvcm.com
Mon Aug 6 15:42:16 PDT 2001
Risks of Microsoft Passport
We all know the risks of trusting DNS and the fact that users click OK when
presented with certificate warnings in their browser. So what happens when
you build a single sign-on model for e-commerce that leverages these
technologies? You end up with some risks that users might not expect.
Microsoft's ambitious Passport service uses these common Internet
standards. Avi Rubin and Dave Kormann from AT&T Research Labs document the
risks of the Passport system in their research report, "Risks of the
Passport Single Signon Protocol".
http://avirubin.com/passport.html
More information about the cypherpunks-legacy
mailing list