[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [xri] SimpleSign Implementation
I'm trying to wrap my head around the security implications of SimpleSign, and I'm wondering where exactly it is better than TLS or XMLDSIG. While SimpleSign is designed to be easy to implement, it still has less implementations than TLS, or even XMLDSIG. There is also less existing security analysis, test cases, &c. The certificate from SimpleSign is X509, so depends upon the support of a CA. A certificate will only be valid if the subject applies to the CannonicalID. Getting such a certificate will cost the same as a TLS certificate, if they are not the identical. Why should I use a SimpleSign implementation instead of TLS or XMLDSIG? Some possible answers: * You shouldn't. (NO!!!) * Using TLS would require either all resources must be encrypted and sign (significant overhead), or that the XRD must be available under TLS while other resources may not (significant complexity). * Using TLS means that an XRD cannot be provided under restrictive hosting environments, as it cannot be implemented by uploading a PHP script over FTP. * Using XMLDSIG requires either a custom implementation (error prone), or support for a known-good implementation (restricted environments). * SimpleSign is simple enough that an amateur can implement it without worry of error, is easy to host, and allows flexible security for other resources. http://josephholsten.com PS. I'm still trying to get up to speed with everything in XRI, so I'm sorry if I ask silly questions
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]