Re: [apps-discuss] Webfinger discussion

Bob Wyman <bob@wyman.us> Tue, 27 March 2012 17:00 UTC

In-Reply-To: <4F70EE0F.8090706@stpeter.im>
References: <053201cd0b5d$c08c80f0$41a582d0$@packetizer.com> <20120326150556.GC3557@mail.yitter.info> <CAA1s49V0M7N1pLua+ORxGWmsrd_yAA_KQ0Piqjg8VuWJ5=G+Lg@mail.gmail.com> <4F70EE0F.8090706@stpeter.im>
Date: Tue, 27 Mar 2012 13:00:26 -0400
Message-ID: <CAA1s49WO2znwrZtKhRSJ=CoAbWuiEpTtoUJPEaAtXXOvLAbkeg@mail.gmail.com>
From: Bob Wyman <bob@wyman.us>
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Webfinger discussion

On Mon, Mar 26, 2012 at 6:30 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> On 3/26/12 8:31 PM, Bob Wyman wrote:
> >
> > On Mon, Mar 26, 2012 at 11:05 AM, Andrew Sullivan
> > <ajs@anvilwalrusden.com> wrote:
> >
> >     On Mon, Mar 26, 2012 at 10:35:54AM -0400, Paul E. Jones wrote:
> >
> >     > > Andrew Sullivan: when I was a kid, they told us to turn off
> >     > > finger, so I'm concerned about security
> >     >
> >     > That was due to the fact the finger protocol implementations had
> >     > security holes.  It was also possible to do things like
> >     > "ln /etc/password .plan" and that was a bad thing :-)
> >
> >     That wasn't the only reason they told us this.  One of the things
> >     that people used to worry about was that finger leaked information.
> >     In particular, it was an excellent way to identify targets for
> >     account takeover: people who never logged in, and people who were
> >     in for endless days and therefore whose account was probably often
> >     unmonitored.
> >
> > WebFinger has primarily been used for providing access to relatively
> > static data rather than for the kind of dynamic "presence" information
> > that finger was often used for. Thus, when folk are thinking about
> > WebFinger, they are usually considering use cases like "locating a
> > user's blog," or "finding a user's public key." However, there isn't
> > anything in WebFinger that would prevent providing dynamic data such as
> > "current location (lat/long)," "logged in state," or even "last command
> > issued to bash..." (highly un-recommended!). If people did, in fact, use
> > WebFinger to record such stuff, the concerns you mentioned would be
> > relevant. Thus, it might make sense for the Security Considerations
> > section to suggest that one should think carefully before using
> > WebFinger to provide such dynamic information.
>
> We already have protocols for such dynamic publish/subscribe features
> (and those protocols include ways to authorize who can see what).
>
>
Certainly there are other protocols that are much better suited for the
sharing of dynamic information than is WebFinger. However, it is generally
the case that if a protocol *can* be used to address some need, it *will*
be used to address that need. Thus, I think we need to anticipate that some
folk will, in fact, share dynamic information with WebFinger even if it is
not the optimal protocol for that purpose. Folk will do this for no other
reason than that they will wish to minimize the complexity of their
implementations by doing as much as they can with one mechanism. Others
will do it because they don't know of the alternatives.

I support the inclusion of pointers in the WebFinger spec to other
protocols that are better suited for the sharing of dynamic, rapidly
changing information.


> Webfinger might provide pointers to locations where one could subscribe
> to dynamic data, but AFAIK it would not be used to pull the data.
>
> Peter
>
> --
> Peter Saint-Andre
> https://stpeter.im/
>
>
>
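An added illustration of the distinction drawn in this message, not code from the thread or from any WebFinger implementation: a small Python check that parses a WebFinger JRD and flags inline properties that look like dynamic or presence data (current location, logged-in state, last-login timestamps, last command), while leaving alone links that merely point at a presence or subscription service, which is the use Peter describes as appropriate. The JRD layout (subject, aliases, properties, links with rel/type/href/properties) follows the WebFinger spec (RFC 7033); the keyword heuristics, the two sample documents, the example.com link relations and property URIs, and the function names are constructed for this example.

```python
"""Lint a WebFinger JRD for inline dynamic or presence-like data.

Added example; not code from the apps-discuss thread or from any
WebFinger implementation. JRD structure follows RFC 7033. The hint list,
sample documents, and example.com identifiers are constructed.
"""
import json
import re

# Constructed heuristic: substrings in a property URI that suggest the
# field changes often or reveals presence/idleness. "logged", "last-login"
# and "idle" are the finger-style leak Andrew Sullivan describes: they
# tell an attacker whose account is probably unwatched.
DYNAMIC_HINTS = ("location", "geo", "coordinate", "presence", "online",
                 "status", "last-command", "logged", "last-login", "idle",
                 "uptime")

# A value that looks like an ISO 8601 timestamp is almost always live state.
ISO8601 = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}(:\d{2})?(Z|[+-]\d{2}:\d{2})$")


def _is_dynamic(key, value):
    """True if a property's URI or value smells like dynamic/presence data."""
    low = key.lower()
    if any(hint in low for hint in DYNAMIC_HINTS):
        return True
    # JRD property values may be JSON null; only strings are inspected.
    return isinstance(value, str) and bool(ISO8601.match(value))


def lint_jrd(jrd):
    """Return a list of findings for a parsed JRD; empty means nothing flagged.

    Inline ``properties`` carrying dynamic-looking content are flagged, both
    at the top level and on each link. A link whose ``rel`` merely points at
    a presence or subscription service is not flagged: publishing a pointer
    and leaving the live value to the other protocol is the intended use.
    """
    findings = []
    for key, value in jrd.get("properties", {}).items():
        if _is_dynamic(key, value):
            findings.append("dynamic property at top level: %s" % key)
    for i, link in enumerate(jrd.get("links", [])):
        rel = link.get("rel", "<missing rel>")
        for key, value in link.get("properties", {}).items():
            if _is_dynamic(key, value):
                findings.append(
                    "dynamic property on link[%d] (%s): %s" % (i, rel, key))
    return findings


def lint_jrd_text(text):
    """Parse an application/jrd+json document and lint it."""
    return lint_jrd(json.loads(text))


# Constructed sample 1: the static use cases the thread names (profile page,
# blog, public key). Only profile-page is a registered WebFinger relation;
# the example.com relations are hypothetical.
STATIC_JRD = json.dumps({
    "subject": "acct:alice@example.com",
    "links": [
        {"rel": "http://webfinger.net/rel/profile-page",
         "type": "text/html", "href": "https://example.com/~alice"},
        {"rel": "http://example.com/rel/blog",
         "href": "https://blog.example.com/alice"},
        {"rel": "http://example.com/rel/public-key",
         "type": "application/pgp-keys",
         "href": "https://example.com/~alice/key.asc"},
    ],
})

# Constructed sample 2: the dynamic data the message warns against, inlined
# as properties, plus one acceptable pointer to a presence service.
DYNAMIC_JRD = json.dumps({
    "subject": "acct:alice@example.com",
    "properties": {
        "http://example.com/ns/current-location": "40.7128,-74.0060",
        "http://example.com/ns/logged-in": "true",
        "http://example.com/ns/last-login": "2012-03-27T17:00:26Z",
        "http://example.com/ns/last-command": "rm -rf ~/tmp",
    },
    "links": [
        {"rel": "http://example.com/rel/presence-subscribe",
         "href": "xmpp:alice@example.com"},
    ],
})

if __name__ == "__main__":
    for name, doc in (("static", STATIC_JRD), ("dynamic", DYNAMIC_JRD)):
        print(name, lint_jrd_text(doc) or "OK")
```

Run stand-alone, the script reports nothing for the static document and four findings for the dynamic one, while the presence-subscribe link passes: a pointer to where a client can subscribe is not the leak; the inline state is.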