On Tue, Dec 2, 2008 at 16:32, Yamandu Ploskonka <span dir="ltr"><<a href="mailto:yamaplos@bolinux.org" target="_blank">yamaplos@bolinux.org</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Also, re:spoofing, there would need to be an update of the data being<br>
sent, maybe changes with the clock, daily? Don't know how to keep the<br>
algorythm secure and still have this Open.<br>
<div></div></blockquote><div><br>That is mistake #1: Secret algorithms are _less_ secure than open ones, as secret ones have a smaller group of testers. There's a reason why _everybody_ uses AES, Blowfish, and the lot; it's because they've been publicly tested and held up to it.<br>
<br>OpenID, specifically, would be hard to implement in the current version of the spec, as our devices FQDNs will be changing often. Locally, it might work, but remote identification is a problem. <br><br>A tried-and-true way to go about this would be using Client Side Certificates, which has found to work under browse. In addition, the user data can be encrypted using GPG prior to transmission/storage, and if you want escrow of data you can encrypt it for two keys. <br>
<br>-lf<br></div></div><br>