[OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
James A. Donald
jamesd at echeque.com
Mon Jan 22 18:41:33 UTC 2007
Hallam-Baker, Phillip
> > > If you change the browser you might as well really
> > > change the browser and use a strong authentication
> > > mechanism based on PKI
Ben Laurie
> > I'm sure you meant to say "based on asymmetric
> > cryptography".
Hallam-Baker, Phillip
> No, any time you have a trusted key you have an
> infrastructure.
No you do not, nor is PKI useful in solving phishing.
PKI is a solution that has been tried and has failed.
It has become an obstacle, as commercial interests
actively block alternatives that do not involve a small
number of centralized authorities with a special
privilege that enables them to intrude between client
and server and charge the server.
More information about the general
mailing list