OASIS Mailing List Archives

xri message



Subject: Re: [xri] trust profiles for XRD


On Wed, Dec 17, 2008 at 3:20 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:
> Basically, it is kind of unfortunate, in addition to what George has pointed
> out, if we consider the case of domain owner change into the scope, it
> breaks.

Agreed, the http authority trust profile is at risk from this attack.
I'm OK with that risk.  Quite frankly, if a domain gets hijacked far,
far more is at stake than XRD or OpenID.  Monetary losses are
significant and immediate.

(Aside: it's also important to consider the case of *legitimate*
transfer of authority.  Just because the domain owner changed doesn't
make the change malicious.)

At any rate, I've added a "security considerations" section to the
http authority trust profile.

Nat, I see you put some comments in the http authority trust profile
about how it could be used for DCE authorities: it could not.  Someone
who wants to use DCE would define a DCE trust profile for XRD that
specifies the necessary security rules.  Likewise for absolute XRIs.

Cheers,
Brian

